PHP Live Helper Multiple Input Validation Vulnerabilities

Bugtraq ID:	30729
Class:	Input Validation Error
CVE:	CVE-2008-3763 CVE-2008-3764 CVE-2008-3762
Remote:	Yes
Local:	No
Published:	Aug 18 2008 12:00AM
Updated:	Jul 06 2016 02:17PM
Credit:	James Bercegay of the GulfTech Security Research Team
Vulnerable:	TurnkeyWebTools PHP Live Helper 2.0 TurnkeyWebTools PHP Live Helper 1.8
Not Vulnerable:	TurnkeyWebTools PHP Live Helper 2.1

PHP Live Helper Multiple Input Validation Vulnerabilities

PHP Live Helper is prone to multiple remote vulnerabilities, including SQL-injection, script-execution, and an issue that permits attackers to overwrite arbitrary variables. These issues occur because the application fails to sufficiently sanitize user-supplied data.

Successful exploits of these vulnerabilities may allow attackers to:

- compromise the application
- access or modify data
- exploit latent vulnerabilities in the underlying database
- execute arbitrary PHP script code in the context of the webserver process

Versions prior to PHP Live Helper 2.1.0 are vulnerable.

PHP Live Helper Multiple Input Validation Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

• /data/vulnerabilities/exploits/30729.html

PHP Live Helper Multiple Input Validation Vulnerabilities

Solution:
The vendor released PHP Live Helper 2.1.0 to address these issues. Please see the references for more information.

PHP Live Helper Multiple Input Validation Vulnerabilities

References:

• PHP Live Helper Changelog v2.1.0 - Aug 14th, 2008 (TurnkeyWebTools)
  
• PHP Live Helper Homepage (TurnkeyWebTools)
  
• PHP Live Helper <= 2.0.1 Multiple Vulnerabilities (GulfTech Security Research )