Vendor: LiveHelp
By: Unknown
CVSS: 7.5 (HIGH)
Type: Local File Include
CWE: 98
Product Name: LiveHelp
Affected Version From: 2
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Not available
Metasploit:
Other Scripts:
Platforms Tested: Unknown

StarDevelop LiveHelp Local File Include Vulnerability

The StarDevelop LiveHelp application is prone to a local file-include vulnerability. This vulnerability occurs due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts within the context of the web server process. This could lead to the compromise of the application and the underlying computer. Other attacks may also be possible.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input before using it to include local files. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files and directories.
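
One way to apply the validation advice above to a language_file-style parameter, as an added example that is not LiveHelp's code or part of the original advisory: the request value only selects a key from a fixed allowlist and never becomes part of the include path. LANG_DIR, LANGUAGES and resolve_language_file() are hypothetical names, and the sample values in the demo loop are constructed.

```php
<?php
declare(strict_types=1);

// Added example; LANG_DIR, LANGUAGES and resolve_language_file() are
// hypothetical names, not LiveHelp's own code or file layout.
const LANG_DIR = __DIR__ . '/lang';
const LANGUAGES = ['en' => 'en.php', 'de' => 'de.php', 'fr' => 'fr.php'];

/**
 * Map an untrusted language_file value to a path inside LANG_DIR.
 * Anything that is not an allowlisted token yields the default language.
 */
function resolve_language_file($requested, string $default = 'en'): string
{
    // Only short lowercase tokens pass: this excludes NUL bytes (%00),
    // path separators, dots and stream wrappers before a path is built.
    if (!is_string($requested) || preg_match('/\A[a-z]{2,8}\z/', $requested) !== 1) {
        $requested = $default;
    }
    // The request value selects a key; it never becomes part of the path.
    $file = LANGUAGES[$requested] ?? LANGUAGES[$default];

    // Defence in depth: the canonical path must still sit under LANG_DIR,
    // which also catches a symlink placed in the language directory.
    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file unavailable');
    }
    return $path;
}

// Constructed demo: create two empty language files, then resolve sample values.
@mkdir(LANG_DIR);
touch(LANG_DIR . '/en.php');
touch(LANG_DIR . '/de.php');
foreach (['de', "en\0", 'lang/en.php', 'xx', ['en']] as $value) {
    echo json_encode($value), ' => ', basename(resolve_language_file($value)), PHP_EOL;
}
// In the application: require resolve_language_file($_GET['language_file'] ?? null);
```

Only the first sample value selects a non-default file; every other value falls back to the default language without touching the filesystem with user-controlled data.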

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49650/info

StarDevelop LiveHelp is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the Web server process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

StarDevelop LiveHelp 2.0 is vulnerable; other versions may also be affected.

http://www.example.com/[path]/index.php?language_file=[LFI]%00