ArcticDesk v1.2.6 Security update

ArcticDesk v1.2.6

ArcticDesk is helpdesk software used to provide support to end users.

WHMCS Complete Billing and Support

Recently ArcticDesk has release a security update ArcticDesk v1.2.6 to address security issues in the previous versions. It is highly recommended that you upgrade your ArcticDesk version to latest version as soon as possible.

The following issues were addressed in ArcticDesk v1.2.6:

Case: AD-760, AD-774, AD-775
Type: Local file inclusion
Severity: High
Credit: Patrick at Rack911.net
Description: By following a carefully crafted URL, it is possible to access local files on the server and view sensitive information.

Case: AD-777
Type: Local file inclusion
Severity: High
Credit: Internal ArcticDesk Team
Description: By following a carefully crafted URL, it is possible to access local files on the server and view sensitive information.

Changelog:

(AD-760, AD-774, AD-775, AD-777) – Fixed local file inclusion on certain actions
(AD-768) – Fixed issue where operator was unable to edit ticket messages

Posted in Security.