header-logo
Suggest Exploit
vendor:
Help Center Live
by:
Unknown
5.5
CVSS
MEDIUM
Local File Include
22
CWE
Product Name: Help Center Live
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Local File Include Vulnerability in Help Center Live

The Help Center Live application fails to properly sanitize user-supplied input, which allows an attacker to include local files and disclose sensitive information. This vulnerability can also be exploited to read arbitrary files on the affected computer with the privileges of the Web server.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input properly and validate file paths before including them in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15404/info

Help Center Live is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to disclose sensitive information. This may help with further attacks on the affected computer.

It should be noted that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.

http://www.example.com/support/module.php?module=osTicket&file=/../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR