CVE-2008-0395

Name of the Vulnerable Software and Affected Versions Kayako SupportSuite version 3.11.01

Description The issue allows remote attackers to obtain server configuration information. This is achieved by making a direct request to the "syncml/index.php" endpoint, which prints the contents of the $ SERVER superglobal, thus exposing sensitive server configuration details.

Recommendations For Kayako SupportSuite version 3.11.01, consider restricting access to the "syncml/index.php" endpoint to prevent unauthorized disclosure of server configuration information. As a temporary workaround, disabling public access to this endpoint can help minimize the risk of exploitation until a more permanent fix is available.