cvebase

Cerberus Helpdesk vulnerabilities

9 known vulnerabilities affecting cerberus/cerberus_helpdesk.

Total CVEs: 9
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 7

Vulnerabilities

CVE-2005-4427 | P3 | HIGH | CVSS 7.5 | PoC | v2.649 | 2005-12-20
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) que
Source: nvd

CVE-2006-5428 | P4 | MEDIUM | CVSS 5.0 | PoC | v3.2.1 | 2006-10-20
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Source: nvd

CVE-2006-0509 | P4 | MEDIUM | CVSS 4.3 | PoC | v2.7, v2.7.1_development_release | 2006-02-01
Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.
Source: nvd

CVE-2006-4539 | P4 | HIGH | CVSS 7.5 | v3.2 | 2006-09-05
(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are o
Source: nvd

CVE-2005-3502 | P4 | MEDIUM | CVSS 5.0 | v2.0, v2.1, +5 more | 2005-11-05
attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
Source: nvd

CVE-2008-6440 | P4 | MEDIUM | CWE-287 | CVSS 5.0 | v2.5 | 2009-03-06
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
Source: nvd

CVE-2005-4428 | P4 | MEDIUM | CVSS 4.3 | v2.649 | 2005-12-20
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
Source: nvd

CVE-2005-1962 | P4 | MEDIUM | CVSS 4.3 | v0.97.3 | 2005-06-16
Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.
Source: nvd

CVE-2005-1963 | P4 | MEDIUM | CVSS 5.0 | v0.97.3 | 2005-06-16
Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.
Source: nvd