CVE-2024-27516

EPSS 3.2%

livehelperchat Server-Side Template Injection

Published: 2/29/2024Modified: 12/1/2024

Description

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

Affected packages (1)

Packagist/remdex/livehelperchatfrom 0, < 4.29

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-27516
PATCHhttps://github.com/LiveHelperChat/livehelperchat
WEBhttps://github.com/LiveHelperChat/livehelperchat/commit/a61d231526a36d4a7d8cc957914799ee1f9db0ab
WEBhttps://github.com/LiveHelperChat/livehelperchat/issues/2054