Server-Side Template Injection Vulnerability in LiveHelperChat
CVE-2024-27516

9.8CRITICAL

Key Information:

Vendor: LiveHelperChat
Status: LiveHelperChat
Vendor: CVE Published:; 29 February 2024

🔔 Create LiveHelperChat Vulnerability Alert

What is CVE-2024-27516?

A Server-Side Template Injection (SSTI) vulnerability exists in LiveHelperChat prior to version 4.34. This security flaw allows remote attackers to leverage the search parameter in the 'lhc_web/modules/lhfaq/faqweight.php' file to execute arbitrary code. Exploiting this vulnerability can lead to unauthorized access to sensitive information stored on the server, posing significant risks to the integrity and privacy of user data.

References

https://github.com/LiveHelperChat/livehelperchat/issues/2054

https://github.com/LiveHelperChat/livehelperchat/commit/a...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 26, 2024

CVE-2024-27516 Data

JSON