------=_Part_17037_4079956.1131094279524 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline hi, I have found a vulnerability in cerberus helpdesk latest stable version, caused by insufficient authentication checks and leads to access of files submitted by other users. If you open a ticket with an attachment, it can be viewed by an url like this: http://www.website.com/path-to-cerberus/attachment_send.php?file_id=3DXXXX&= thread_id=3DYYYYYY by changing XXXX leaving YYYYYY same, you can download other attacments and tickets submitted by other users. As this helpdesk is mostly used in hosting sites, and most of the users add important details like username && password this vulnerability can lead to serious issues. regards, cumhur onat ------=_Part_17037_4079956.1131094279524 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline hi,
I have found a vulnerability in cerberus helpdesk latest stable version, caused by insufficient authentication checks and leads to access of files submitted by other users.
If you open a ticket with an attachment, it can be viewed by an url like th= is:
http://www.website.com/path-to-cerberus/= attachment_send.php?file_id=3DXXXX&thread_id=3DYYYYYY
by changing XXXX leaving YYYYYY same, you can download other attacments and= tickets submitted by other users.
As this helpdesk is mostly used in hosting sites, and most of the users add important details like username && password this vulnerability can lead to serious issues.
regards,
cumhur onat
------=_Part_17037_4079956.1131094279524--