← back
CVE-2006-5428

CVE-2006-5428

EPSS 2.7%
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/28826unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://forum.cerberusweb.com/showthread.php?t=7922http://secunia.com/advisories/22418https://exchange.xforce.ibmcloud.com/vulnerabilities/29655http://www.securityfocus.com/bid/20598http://www.vupen.com/english/advisories/2006/4089