Unprotected install.php in Help Desk Reloaded Free Help Desk allows privilege escalation

Unprotected install.php in Help Desk Reloaded Free Help Desk allows privilege escalation

CVE-2005-4025 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user.

Learn more about our User Device Pen Test.