CVE-2006-5428

Publication date

2006-10-20 21:00:00

Family

mitre

State

PUBLISHED

Description

rpc.php in Cerberus Helpdesk 3.2.1 does not verify a clients privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.