| VID |
21781 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Help Center Live is vulnerable to multiple remote vulnerabilities (1). Help Center Live is a 'Live' help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. Help Center Live version 1.2.6 and earlier versions are vulnerable to multiple remote vulnerabilities. One of them could allow a remote attacker to include malicious PHP files, caused by improper validation of user-supplied input passed to the 'HCL_path' parameter of the 'skin.php' and 'pipe.php' scripts. A remote attacker could exploit this vulnerability to execute arbitrary PHP script code and system commands in the security context of the Web server process. In addition, these versions could be prone to cross-site scripting attacks.
* References:
http://www.gulftech.org/?node=research&article_id=00058-12242004
http://securitytracker.com/alerts/2004/Dec/1012685.html
* Platforms Affected:
Help Center Live version 1.2.6 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Help Center Live (2.0.0 or later), available from the Help Center Live Web site at http://www.helpcenterlive.com/ |
| Related URL |
CVE-2004-2602,CVE-2004-2603 (CVE) |
| Related URL |
12105 (SecurityFocus) |
| Related URL |
18694,18695,18696 (ISS) |
|
