CVE-2007-4240

Name of the Vulnerable Software and Affected Versions Help Center Live version 2.1.3a

Description The issue arises from the check logout function in class/auth.php, which fails to exit after sending a redirect when administrative credentials are missing. This allows remote attackers to delete administrative users and potentially have other impacts by sending requests to certain scripts, including (1) "admin/departments.php" and (2) "admin/operators.php".

Recommendations For Help Center Live version 2.1.3a, consider modifying the check logout function to properly exit after sending a redirect when administrative credentials are missing, or restrict access to the admin/departments.php and admin/operators.php scripts to prevent unauthorized modifications. As a temporary workaround, consider disabling the check logout function until a proper patch is available.