PT-2024-21926 · Unknown · Livehelperchat

Hebing123 · Published 2024-02-28 · Updated 2024-07-03 · CVE-2024-27516

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

livehelperchat versions prior to 4.34

Description

A Server-Side Template Injection (SSTI) issue allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.

Recommendations

For versions prior to 4.34, update to version 4.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the lhc_web/modules/lhfaq/faqweight.php module until a patch is available. Avoid using the search parameter in the affected module until the issue is resolved.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-27516
GHSA-V4CP-2Q7V-HG9Q

Affected Products

Livehelperchat