Directory Traversal Vulnerabilities in SysAid Help Desk before 15.2

Directory Traversal Vulnerabilities in SysAid Help Desk before 15.2

CVE-2015-2996 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:N/A:C

Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.

Learn more about our Web Application Penetration Testing UK.