CVE-2022-1213 – remdex/livehelperchat

Package

Manager: composer
Name: remdex/livehelperchat
Vulnerable Version: >=0 <3.67

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

EPSS: 0.00126 pctl0.32717

Details

Server side request forgery in LiveHelperChat SSRF filter bypass port 80, 433 in LiveHelperChat prior to v3.67. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191

Metadata

Created: 2022-04-06T00:01:32Z
Modified: 2022-04-19T17:55:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-hhr9-7xvh-8xgc/GHSA-hhr9-7xvh-8xgc.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-hhr9-7xvh-8xgc
Finding: F100
Auto approve: 1