Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-3000.
AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. The writeup provides specific technical details, such as affected endpoints, payloads, and constraints for each vulnerability.
Description
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.
Exploits (1)
This is a detailed technical writeup describing multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. The writeup provides specific technical details, such as affected endpoints, payloads, and constraints for each vulnerability.