RSS   Vulnerabilities for 'Php live helper'   RSS

2008-08-21
 
CVE-2008-3764

CWE-94
 

 
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.

 
 
CVE-2008-3763

CWE-20
 

 
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.

 
 
CVE-2008-3762

CWE-89
 

 
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

 

 >>> Vendor: Turnkeywebtools 2 Products
Sunshop shopping cart
Php live helper


Copyright 2024, cxsecurity.com

 

Back to Top