attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
Software | From | Fixed in |
---|---|---|
cerberus / cerberus_helpdesk | 2.0 | 2.0.x |
cerberus / cerberus_helpdesk | 2.1 | 2.1.x |
cerberus / cerberus_helpdesk | 2.2 | 2.2.x |
cerberus / cerberus_helpdesk | 2.3 | 2.3.x |
cerberus / cerberus_helpdesk | 2.4 | 2.4.x |
cerberus / cerberus_helpdesk | 2.5 | 2.5.x |
cerberus / cerberus_helpdesk | 2.6.1 | 2.6.1.x |