• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHP Live Helper Multiple Input Validation Vulnerabilities

Severity: HIGH

Description:

PHP Live Helper is a PHP-based application for customer support.

Since it fails to sufficiently sanitize user-supplied data, the application is prone to multiple vulnerabilities:

1. An SQL-injection vulnerability affects the 'dep' parameter of the 'onlinestatus_html.php' script. Other SQL-injection issues may also exist, but weren't specified. These issues may allow attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

2. A vulnerability allows attackers to overwrite arbitrary variables. The issue is caused by code in the 'libsecure.php' source file that emulates PHP's 'register_globals' functionality. Unspecified variables from within the database configuration file may be overwritten, permitting attackers to launch SQL-injection attacks or to execute arbitrary PHP code. This may result in the compromise of affected applications.

3. A PHP code-execution vulnerability occurs in the 'includes/globalsoff.php' source code file, affecting the 'rg' parameter. The script creates variables in an unsafe manner using the 'eval()' function. Arbitrary PHP code may be run from other scripts in the application, such as 'chat.php'.

Successful exploits of these vulnerabilities may allow attackers to:

- compromise the application
- access or modify data
- exploit latent vulnerabilities in the underlying database
- execute arbitrary PHP script code in the context of the webserver process

Versions prior to PHP Live Helper 2.1.0 are vulnerable.

Affected Products:

• TurnkeyWebTools PHP Live Helper 1.8
• TurnkeyWebTools PHP Live Helper 2.0

References:

• TurnkeyWebTools: PHP Live Helper Changelog v2.1.0 - Aug 14th, 2008
• TurnkeyWebTools: PHP Live Helper Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.