PHP Live! Helper < 2.1.0 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running PHP Live Helper, a customer support application.

This version of Live Helper is affected by a number of flaws.

There is a SQL injection flaw in the handling of malformed data passed to the 'dep' parameter of the 'onlinestatus_html.php' script. An attacker exploiting this flaw would be able to execute arbitrary SQL commands against the database server.

There is a flaw in the way that the application handles data passed to the 'libsecure.php' source file. An attacker exploiting this flaw would be able to change the behavior of the database server.

There is a flaw in the way that the application handles data passed to the 'rg' parameter of the 'globalsoff.php' file. An attacker exploiting this flaw might be able to execute arbitrary code via an 'eval()' function call.

Solution

Upgrade to version 2.1.0 or higher.