Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-2997.
AI-analyzed exploit summary
This is a detailed technical writeup describing multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. The document provides specific exploit details, constraints, and affected versions for each vulnerability.
Description
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.