GHSA-v4cp-2q7v-hg9q

Suggest an improvement
Source
https://github.com/advisories/GHSA-v4cp-2q7v-hg9q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-v4cp-2q7v-hg9q/GHSA-v4cp-2q7v-hg9q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v4cp-2q7v-hg9q
Aliases
Published
2024-02-29T03:33:18Z
Modified
2024-12-01T05:52:21.368136Z
Summary
livehelperchat Server-Side Template Injection
Details

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

Database specific 
{
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-29T20:11:45Z",
    "nvd_published_at": "2024-02-29T01:44:20Z",
    "severity": "MODERATE"
}
References

Affected packages

Packagist / remdex/livehelperchat

Package

Name
remdex/livehelperchat
Purl
pkg:composer/remdex/livehelperchat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.29

Affected versions

1.*

1.74
1.81
1.82
1.83
1.84
1.85
1.86
1.87
1.88
1.89
1.90
1.91
1.93
1.94
1.95
1.98

2.*

2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-v4cp-2q7v-hg9q/GHSA-v4cp-2q7v-hg9q.json"