GHSA-v4cp-2q7v-hg9q

Source

https://github.com/advisories/GHSA-v4cp-2q7v-hg9q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-v4cp-2q7v-hg9q/GHSA-v4cp-2q7v-hg9q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v4cp-2q7v-hg9q

Aliases

CVE-2024-27516

Published

2024-02-29T03:33:18Z

Modified

2024-12-01T05:52:21.368136Z

Summary

livehelperchat Server-Side Template Injection

Details

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2024-02-29T20:11:45Z",
    "nvd_published_at": "2024-02-29T01:44:20Z",
    "severity": "MODERATE"
}

References

Affected packages

Packagist / remdex/livehelperchat

Package

Name: remdex/livehelperchat
Purl: pkg:composer/remdex/livehelperchat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.29

Affected versions

1.*

1.74

1.81

1.82

1.83

1.84

1.85

1.86

1.87

1.88

1.89

1.90

1.91

1.93

1.94

1.95

1.98

2.*

2.0