PT-2009-2351 · Joomla · Joomla Live Chat

Jdc

Published

2009-07-30

Updated

2017-09-29

CVE-2008-6882

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Joomla Live Chat (com livechat) component version 1.0

Description: The issue allows remote attackers to utilize the xmlhttp.php script as an open HTTP proxy. This can be exploited to hide network scanning activities or to scan internal networks by sending a GET request with a full URL in the query string.

Recommendations: For version 1.0, consider disabling the xmlhttp.php script until a patch is available to prevent its use as an open HTTP proxy. Restrict access to this script to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-6882

Affected Products

Joomla Live Chat

PT-2009-2351 · Joomla · Joomla Live Chat

CVE-2008-6882

Weakness Enumeration

Related Identifiers

Affected Products

References · 4