| VID |
21782 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Help Center Live is vulnerable to multiple remote vulnerabilities (2). Help Center Live is a 'Live' help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. Help Center Live version 1.2.7 and earlier versions are vulnerable to multiple remote vulnerabilities. Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the id parameter to index.php, tid parameter to view.php, fid parameter to download.php or chat_download.php, status parameter to icon.php, TICKET_tid parameter to index.php or view.php. And multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the find parameter to index.php, name or message field of a chat request, or the message body when opening a trouble ticket.
* References:
http://www.gulftech.org/?node=research&article_id=00076-05172005
* Platforms Affected:
Help Center Live version 1.2.7 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Help Center Live (2.0.0 or later), available from the Help Center Live Web site at http://www.helpcenterlive.com/ |
| Related URL |
CVE-2005-1672,CVE-2005-1673,CVE-2005-1674 (CVE) |
| Related URL |
13666,13667 (SecurityFocus) |
| Related URL |
20626,20627,22009 (ISS) |
|
