CVE-2016-5049

Name of the Vulnerable Software and Affected Versions ReadyDesk version 9.1

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter in the "chat/openattach.aspx" endpoint.

Recommendations For ReadyDesk version 9.1, consider restricting access to the "chat/openattach.aspx" endpoint until a patch is available. As a temporary workaround, avoid using the SESID and FNAME parameters in this endpoint to minimize the risk of exploitation.