PHP Live! Helper < 2.1.0 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 4627
Synopsis
The remote host is vulnerable to multiple attack vectors.

Description
The remote host is running PHP Live Helper, a customer support application.
This version of Live Helper is vulnerable to a number of flaws.
There is a SQL injection flaw in the handling of malformed data passed to the 'dep' parameter of the 'onlinestatus_html.php' script. An attacker exploiting this flaw would be able to execute arbitrary SQL commands against the database server.
There is a flaw in the way that the application handles data passed to the 'libsecure.php' source file. An attacker exploiting this flaw would be able to change the behavior of the database server.
There is a flaw in the way that the application handles data passed to the 'rg' parameter of the 'globalsoff.php' file. An attacker exploiting this flaw might be able to get arbitrary code executed via an 'eval()' function call.

Solution
Upgrade to version 2.1.0 or higher.
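
A log triage example for the three scripts named in the description, added here and not part of the plugin or of PHP Live Helper. The access-log lines, the /phplive/ path, the rule that legitimate parameter values are short alphanumeric tokens, and the treatment of 'libsecure.php' as a file not normally requested directly are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter named in the advisory (None: no parameter is named).
WATCHED = {
    "onlinestatus_html.php": "dep",
    "globalsoff.php": "rg",
    "libsecure.php": None,
}
# Assumption: legitimate values are short alphanumeric tokens.
PLAIN = re.compile(r"[A-Za-z0-9_.-]{0,32}")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def triage(line):
    """Return (script, reason) if the log line deserves review, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in WATCHED:
        return None
    param = WATCHED[script]
    if param is None:
        # Assumption: a library file is not normally requested by browsers.
        return (script, "direct request to library file")
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    if any(not PLAIN.fullmatch(v) for v in values):
        return (script, f"unexpected characters in '{param}'")
    return None

# Constructed sample lines (Common Log Format), not taken from a real host.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /phplive/onlinestatus_html.php?dep=3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /phplive/onlinestatus_html.php?dep=3%27 HTTP/1.1" 200 87',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /phplive/globalsoff.php?rg=a%3Bb HTTP/1.1" 200 0',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /phplive/libsecure.php HTTP/1.1" 200 0',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?dep=3%27 HTTP/1.1" 200 10',
]

def review(lines):
    """Return the findings for every line that triage() flags."""
    return [hit for hit in map(triage, lines) if hit]

if __name__ == "__main__":
    for script, reason in review(SAMPLE):
        print(f"{script}: {reason}")
```

Parameters sent in a POST body do not appear in standard access logs, so this only covers values carried in the query string.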