CVE-2006-6999
Headstart Solutions DeskPRO - Unauthenticated Exposure of Sensitive Information via attachment.php id Parameter
Title source: llmDescription
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt
Scores
EPSS
0.0104
EPSS Percentile
59.9%
Details
CWE
CWE-200
Status
published
Products (2)
headstart_solutions/deskpro
2.0.0
headstart_solutions/deskpro
2.0.1
Published
Feb 12, 2007
Tracked Since
Feb 18, 2026