ArcticDesk Local File Inclusion Vulnerability
ArcticDesk is a lightweight support help desk solution. It lets you manage tickets, emails, announcements, articles, downloads and more, all in one place.
Vulnerability Description:
There is a local file inclusion vulnerability present within ArcticDesk that would allow a malicious user to open files which could yield sensitive information. Under the right circumstances, it may even be possible to turn this into a remote file inclusion which could allow a commands to be executed. This vulnerability was critical since it is possible to obtain sensitive data.
Vulnerable Version:
This vulnerability was tested against ArcticDesk v1.2.4.
Fixed Version:
This vulnerability was patched in ArcticDesk v1.2.5.
This vulnerability was discovered by Rack911 – A server management and security company.
If you are using any previous version of ArcticDesk, it is strongly recommended that you upgrade it to ArcticDesk v1.2.5 version as soon as possible.