CVE-2006-6999

Headstart Solutions DeskPRO - Unauthenticated Exposure of Sensitive Information via attachment.php id Parameter

Title source: llm
STIX 2.1

Description

attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.

References (1)

Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt

Scores

EPSS 0.0104
EPSS Percentile 59.9%

Details

CWE
CWE-200
Status published
Products (2)
headstart_solutions/deskpro 2.0.0
headstart_solutions/deskpro 2.0.1
Published Feb 12, 2007
Tracked Since Feb 18, 2026