CVE-2005-4638

Name of the Vulnerable Software and Affected Versions Kayako SupportSuite versions 3.00.26 and earlier

Description The issue allows remote attackers to obtain the full path via specific parameters in different modules. This is possible through the a and newsid parameters in the news module, the downloaditemid parameter in the downloads module, and the kbarticleid parameter in the knowledgebase module.

Recommendations For Kayako SupportSuite versions 3.00.26 and earlier, update to a version later than 3.00.26 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.