------=_Part_17037_4079956.1131094279524
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

hi,
I have found a vulnerability in cerberus helpdesk latest stable version,
caused by insufficient authentication checks and leads to access of files
submitted by other users.
If you open a ticket with an attachment, it can be viewed by an url like
this:
http://www.website.com/path-to-cerberus/attachment_send.php?file_id=3DXXXX&=
thread_id=3DYYYYYY
by changing XXXX leaving YYYYYY same, you can download other attacments and
tickets submitted by other users.
As this helpdesk is mostly used in hosting sites, and most of the users add
important details like username && password this vulnerability can lead to
serious issues.
regards,
cumhur onat

------=_Part_17037_4079956.1131094279524
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<span class=3D"gmail_quote"></span>hi,<br>
I have found a vulnerability in cerberus helpdesk latest stable
version, caused by insufficient authentication checks and leads to
access of files submitted by other users.<br>
If you open a ticket with an attachment, it can be viewed by an url like th=
is:<br>
<a href=3D"http://www.website.com/path-to-cerberus/attachment_send.php?file=
_id=3DXXXX&thread_id=3DYYYYYY" target=3D"_blank" onclick=3D"return top.=
js.OpenExtLink(window,event,this)">http://www.website.com/path-to-cerberus/=
attachment_send.php?file_id=3DXXXX&thread_id=3DYYYYYY
</a><br>
by changing XXXX leaving YYYYYY same, you can download other attacments and=
 tickets submitted by other users.<br>
As this helpdesk is mostly used in hosting sites, and most of the users
add important details like username && password this
vulnerability can lead to serious issues.<br>
regards,<br><span class=3D"sg">
cumhur onat<br>

</span>

------=_Part_17037_4079956.1131094279524--