CVE-2008-6440

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

Published: Mar 6, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-6440
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
webgroupmedia / cerberus_helpdesk	0.97.3	0.97.3.x
webgroupmedia / cerberus_helpdesk	2.6.1	2.6.1.x
webgroupmedia / cerberus_helpdesk	2.0	2.0.x
webgroupmedia / cerberus_helpdesk	3.2.1	3.2.1.x
webgroupmedia / cerberus_helpdesk	2.3	2.3.x
webgroupmedia / cerberus_helpdesk	3.2	3.2.x
cerberus / cerberus_helpdesk	2.5	2.5.x
webgroupmedia / cerberus_helpdesk	2.649	2.649.x
webgroupmedia / cerberus_helpdesk	-	3.3.x
webgroupmedia / cerberus_helpdesk	2.7	2.7.x
webgroupmedia / cerberus_helpdesk	2.7.1-development_release	2.7.1-development_release.x
webgroupmedia / cerberus_helpdesk	2.2	2.2.x
webgroupmedia / cerberus_helpdesk	2.4	2.4.x
webgroupmedia / cerberus_helpdesk	2.1	2.1.x

Vulnerability Database

290,020

CVE-2008-6440