rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote malicious users to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cerberus cerberus helpdesk 3.2.1 |