phpLiveHelper Vulnerable to Remote Code Execution

The popular live support tool phpLiveHelper is vulnerable to remote code execution due to an error in the way the tool processes URL parameters. By using a known URL parameter an intruder could cause their code of choice to be included into phpLiveHelper in realtime where that code would then run on the operator's system. An exploit could possibly open a port on a vulnerable system that would allow intruders to interact with the compromised system in variety of ways. No response from the vendor is known at this time

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish