2007-02-12 17:00:00
mitre
PUBLISHED
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.