CVE-2024-27516

EPSS 3.2%

livehelperchat Server-Side Template Injection

發布日:2024/2/29修改日:2024/12/1

描述

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

受影響套件(1)

Packagist/remdex/livehelperchatfrom 0, < 4.29

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-27516
PATCHhttps://github.com/LiveHelperChat/livehelperchat
WEBhttps://github.com/LiveHelperChat/livehelperchat/commit/a61d231526a36d4a7d8cc957914799ee1f9db0ab
WEBhttps://github.com/LiveHelperChat/livehelperchat/issues/2054