CVE-2022-1213: Server side request forgery in LiveHelperChat

CVSS Score (3.0): 7.7

Basic Information

EPSS Score: 0.32808%
Published: 4/6/2022
Updated: 1/27/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Package Name: remdex/livehelperchat
Ecosystem: composer
Vulnerable Versions: < 3.67
First Patched Version: 3.67

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stemmed from two key issues in proxycss.php: 1) Direct parsing of user-controlled $_GET parameters without FILTER_VALIDATE_URL validation, and 2) Reliance on parse_url's port/scheme checks without considering URL structure manipulation. The patch added FILTER_VALIDATE_URL checks to both parameters, indicating these were the vulnerable entry points. The pre-patch code's port validation (checking [80,443]) could be bypassed through URLs with embedded ports in the host section (e.g., http://attacker.com:80@evil.com), which parse_url would interpret as port 80 for attacker.com while actually connecting to evil.com on arbitrary ports.
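
A stricter form of the URL check discussed above, as an added example (not LiveHelperChat's code or its patch). The function name is hypothetical and the sample URLs are constructed; it combines FILTER_VALIDATE_URL with the scheme and port allowlist and rejects any userinfo component, so the host that is checked is the host that gets contacted.

```php
<?php
// Added example: validation for a user-supplied URL before a server-side fetch.
// is_allowed_proxy_url() is a hypothetical helper, not part of LiveHelperChat.

const ALLOWED_SCHEMES = ['http', 'https'];
const ALLOWED_PORTS   = [80, 443]; // the port allowlist named in the analysis

function is_allowed_proxy_url($raw): bool
{
    // 1. Syntactic validation first (the check the patch is described as adding).
    if (!is_string($raw) || filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return false;
    }

    // 2. Structural checks on the parsed components.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ALLOWED_SCHEMES, true)) {
        return false;
    }

    // 3. Refuse userinfo ("user:pass@host") outright: it is the URL shape the
    //    analysis describes as confusing which host and port are being checked.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }

    // 4. Port allowlist, using the scheme default when no port is given.
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    return in_array($port, ALLOWED_PORTS, true);
}

// Constructed sample inputs (not taken from the advisory, except the
// userinfo shape quoted in the analysis).
$samples = [
    'https://example.com/style.css',
    'http://example.com:8080/style.css',
    'http://attacker.com:80@evil.com/style.css',
    'ftp://example.com/style.css',
    'not a url',
];

foreach ($samples as $url) {
    printf("%-45s %s\n", $url, is_allowed_proxy_url($url) ? 'accept' : 'reject');
}
```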
