Webgroupmedia : Security Vulnerabilities, CVEs,
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
Max CVSS
6.8
EPSS Score
0.98%
Published
2015-09-03
Updated
2018-10-09
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
Max CVSS
5.0
EPSS Score
0.22%
Published
2009-03-06
Updated
2009-03-10
2 vulnerabilities found