Cerberus Helpdesk rpc.php Information Disclosure

medium Nessus Network Monitor Plugin ID 3797

Synopsis

The remote web server contains a PHP script that is affected by an information disclosure issue.

Description

The remote host is running Cerberus Helpdesk, a web-based helpdesk suite written in PHP. The installed version of Cerberus Helpdesk on the remote host allows an unauthenticated attacker to retrieve information about ticket requesters through the 'rpc.php' script.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 3797

Family: CGI

Published: 10/21/2006

Updated: 3/6/2019

Nessus ID: 22876

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:W/RC:C

Vulnerability Information

CPE: cpe:/a:cerberus:cerberus_helpdesk

Reference Information

CVE: CVE-2006-5428

BID: 20598

Detections

Analytics

Cerberus Helpdesk rpc.php Information Disclosure

medium Nessus Network Monitor Plugin ID 3797

Synopsis

Description

Solution

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information