CVE-2006-6999 Information

Description

attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.

Reference

http://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt