CVE-2024-27516 - Server-Side Template Injection (SSTI) Vulnerability Exploit in Livehelperchat Before Version 4.34
In this post, we will explore an important cybersecurity vulnerability known as CVE-2024-27516. This vulnerability is a server-side template injection (SSTI) that affects the popular live chat software Livehelperchat before version 4.34. Livehelperchat (LHC) is open-source support chat software used to provide customer service and support on websites, e-commerce sites, and business applications. It is important to understand this vulnerability because it can lead to severe consequences, such as unauthorized access to data, information leakage, or execution of arbitrary code.
Let's dive into the details, including the affected LHC component, code snippet, and information related to the exploit of this CVE.
Affected Component and Code Snippet
The affected component of LHC is the FAQ module, specifically the 'faqweight.php' file in the 'lhc_web/modules/lhfaq' directory. The 'search' parameter in this file is where the SSTI vulnerability exists. Below is the code snippet that contains the vulnerable code:
<?php
// file: lhc_web/modules/lhfaq/faqweight.php
// Default pagination parameters for the FAQ list (offset value assumed: 0).
$faqParams = array('offset' => 0, 'limit' => 20);
// The user-supplied 'search' query parameter is copied into the content filter
// after strip_tags(), which removes HTML and PHP tags only.
if (isset($_GET['search'])) {
    $faqParams['filter']['content'] = strip_tags($_GET['search']);
}
$faqs = erLhcoreClassModelFaq::getList($faqParams);
?>
As seen above, the $faqParams array is initialized with default values (offset and limit). The problem arises when the 'search' parameter of the $_GET request is present: its value is copied into the 'content' filter field and passed on to the FAQ search.
The strip_tags() function removes HTML and PHP tags from the 'search' parameter, but that is all it does; it does not neutralize template placeholders or other non-tag syntax in the input, which is what leads to the SSTI vulnerability.
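As an added example, not code from the Livehelperchat project and not the fix shipped in version 4.34, the following PHP contrasts strip_tags() with an allow-list validator that treats the 'search' parameter strictly as data; the validator name, its allow-list and the length cap are assumptions made for this illustration.

```php
<?php
// Added illustration (not Livehelperchat code, not the 4.34 patch):
// strip_tags() is an HTML/PHP tag filter, not a defence against template
// injection, so a search term must be validated as plain data instead.

/**
 * Treat the FAQ search term strictly as data: cap its length and allow only
 * characters a human search term needs. Returns null when input is rejected.
 * The allow-list and the default length cap are assumptions for this example.
 */
function validateFaqSearch(string $raw, int $maxLen = 100): ?string
{
    $term = trim($raw);
    if ($term === '' || mb_strlen($term) > $maxLen) {
        return null;
    }
    // Letters in any script, digits, spaces and a few punctuation marks only;
    // braces, dollar signs, percent signs and similar syntax are rejected.
    if (!preg_match('/^[\p{L}\p{N} .,?!\'-]+$/u', $term)) {
        return null;
    }
    return $term;
}

// Constructed inputs for the demonstration.
$inputs = [
    'password reset',     // ordinary search term: accepted by both
    '<b>reset</b>',       // HTML tag: strip_tags() removes it, allow-list rejects
    '{{ placeholder }}',  // template-style placeholder: strip_tags() leaves it intact
];

foreach ($inputs as $in) {
    echo 'input: ', var_export($in, true), "\n";
    echo '  strip_tags(): ', var_export(strip_tags($in), true), "\n";
    echo '  allow-list:   ', var_export(validateFaqSearch($in), true), "\n";
}

// Hardened use in place of the vulnerable assignment: the filter is only set
// when the term passes validation, so no template syntax reaches the search.
$faqParams = array('offset' => 0, 'limit' => 20);
$term = isset($_GET['search']) ? validateFaqSearch($_GET['search']) : null;
if ($term !== null) {
    $faqParams['filter']['content'] = $term;
}
```

Rejected input should be answered with an empty result or a validation error rather than silently "cleaned", which also makes such requests easy to log and alert on.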
Exploit Details and Consequences
To exploit this vulnerability, an attacker can send a crafted HTTP request containing template placeholder code in the 'search' parameter. Because the input survives strip_tags() unchanged, the placeholder code can be evaluated server-side by the Livehelperchat system. This may lead to execution of arbitrary code, disclosure of sensitive data, exposure of loaded configuration settings, or disclosure of backend infrastructure details.
Original References
For more information about the CVE-2024-27516 vulnerability, you can refer to the original references mentioned below:
1. CVE Page
2. Livehelperchat GitHub Repository
3. LHC Fixes and Changelog for Version 4.34
Conclusion
CVE-2024-27516, a server-side template injection vulnerability in Livehelperchat before version 4.34, is a critical issue that requires immediate attention from developers and administrators using this software. If you are running an affected version of Livehelperchat, it is essential to update as soon as possible to avoid potential attacks.
In addition to keeping your software up to date, practice good cybersecurity hygiene by performing regular security audits to ensure that your systems and applications are free from known vulnerabilities. The earlier you discover such vulnerabilities, the lower the chances of being exploited by an attacker.
Timeline
Published on: 02/29/2024 01:44:20 UTC
Last modified on: 07/03/2024 01:50:41 UTC