Vendor: Live Support
By: BlackHawk
CVSS: 7.5 (HIGH)
Credential Retrieval
CWE: 200
Product Name: Live Support
Affected Version From: AlstraSoft Live Support v1.21
Affected Version To: AlstraSoft Live Support v1.21
Patch Exists: YES
Related CWE:
CPE: a:alstrasoft:live_support:1.21
Platforms Tested:
2007
AlstraSoft Live Support v1.21 Admin Credential Retrieve Exploit
This exploit allows an attacker to retrieve admin credentials from the AlstraSoft Live Support v1.21 application. The vulnerable code is in common.php, which does not call exit after the header() function. PHP keeps executing the rest of the script after header() returns, which allows the attacker to extract the admin credentials.
Mitigation:
Apply the patches provided by AlstraSoft or update to a newer version of the software. Ensure that the vulnerable code is patched to call exit after the header() function to prevent unauthorized access.
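
One way to audit PHP source for the pattern described above, as an added example that is not AlstraSoft's code or part of the original entry. It assumes the header() call is a `Location:` redirect (the entry only says "header()"); the function names and the sample PHP are constructed for illustration, and the check is a heuristic that only looks at the statement directly after the redirect.

```python
import re

# header() call whose argument starts with "Location:" (assumed redirect form;
# the entry itself only says "header()").
REDIRECT = re.compile(r"""\bheader\s*\(\s*['"]\s*Location\s*:""", re.IGNORECASE)
# Whitespace and PHP comments that may sit between the redirect and exit.
SKIP = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.DOTALL)
TERMINATOR = re.compile(r"(?:exit|die)\b", re.IGNORECASE)

def statement_end(src, start):
    """Index just past the ';' that ends the statement, ignoring ';' inside strings."""
    quote = None
    i = start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == ";":
            return i + 1
        i += 1
    return len(src)

def redirects_without_exit(src):
    """1-based line numbers of Location redirects not followed by exit/die."""
    flagged = []
    for m in REDIRECT.finditer(src):
        end = statement_end(src, m.start())
        nxt = SKIP.match(src, end).end()
        if not TERMINATOR.match(src, nxt):
            flagged.append(src.count("\n", 0, m.start()) + 1)
    return flagged

# Constructed sample, not the real common.php.
SAMPLE = """<?php
if (!isset($_SESSION['admin'])) {
    header("Location: login.php");
}
echo $admin_user . ':' . $admin_pass;   // still runs for unauthenticated requests
if (!isset($_SESSION['admin'])) {
    header('Location: login.php;jsessionid=x'); // redirect
    exit;
}
"""

print(redirects_without_exit(SAMPLE))  # line numbers needing an exit
```

Each reported line is a redirect where script execution continues; review those by hand, since an exit reached through other control flow is not recognised.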