ArcticDesk Local File Inclusion Vulnerability
ArcticDesk is a lightweight support help desk solution. It lets you manage tickets, emails, announcements, articles, downloads and more, all in one place.
There is a local file inclusion vulnerability present within ArcticDesk that would allow a malicious user to open files which could yield sensitive information. Under the right circumstances, it may even be possible to turn this into a remote file inclusion which could allow a commands to be executed. This vulnerability was critical since it is possible to obtain sensitive data.
This vulnerability was tested against ArcticDesk v1.2.4.
This vulnerability was patched in ArcticDesk v1.2.5.
This vulnerability was discovered by Rack911 – A server management and security company.
If you are using any previous version of ArcticDesk, it is strongly recommended that you upgrade it to ArcticDesk v1.2.5 version as soon as possible.