Homepage
About Snyk

Improper Control of Generation of Code ('Code Injection') Affecting remdex/livehelperchat package, versions >=0.0.0

0.0
critical

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.04% (9th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-REMDEXLIVEHELPERCHAT-6421095
  • published 11 Mar 2024
  • disclosed 29 Feb 2024
  • credit JiaSheng He
Report a new vulnerability Found a mistake?

Introduced: 29 Feb 2024

CVE-2024-27516 Open this link in a new tab
CWE-94 Open this link in a new tab

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

remdex/livehelperchat is a package that offers live support for your website. Featuring web and desktop clients. Compatible Windows, Linux, Mac. Desktop client powered by QT. Supports mobile phones based on XMPP service providers (GTalk, Xabber, Mono etc.)

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to improper input validation. An attacker can execute arbitrary code on the server by crafting malicious input.