CVE-2006-5428

Published: Oct 20, 2006Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.

Affected (1)

Products: Cerberus: Cerberus Helpdesk

Cerberus

1 product

Cerberus Helpdesk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cerberus Cerberus Helpdesk	Version 3.2.1

References (10)

http://forum.cerberusweb.com/showthread.php?t=7922

Source: cve@mitre.org

http://secunia.com/advisories/22418

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/20598

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4089

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/29655

Source: cve@mitre.org

http://forum.cerberusweb.com/showthread.php?t=7922