Loading
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
Use CWE-264, Sysaid vendor hub and Sysaid product page to widen CVE-2015-2993 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-47246, CVE-2025-2776 and CVE-2025-2775 for nearby disclosures in the same product family.