PT-2009-1532 · Liberum · Liberum Help Desk

Cold Zero

Published

2009-02-04

Updated

2017-09-29

CVE-2008-6057

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Liberum Help Desk version 0.97.3

Description The issue allows remote attackers to obtain passwords due to insufficient access control. Specifically, the db/helpdesk2000.mdb file is stored under the web root, enabling attackers to access it via a direct request.

Recommendations For version 0.97.3, consider restricting access to the db/helpdesk2000.mdb file to prevent unauthorized access until a patch is available. As a temporary workaround, moving the file outside of the web root or implementing proper access controls can help mitigate the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-6057

Affected Products

Liberum Help Desk

PT-2009-1532 · Liberum · Liberum Help Desk

CVE-2008-6057

Weakness Enumeration

Related Identifiers

Affected Products

References · 3