CVE-2022-1213: Server side request forgery in LiveHelperChat
7.7
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.32808%
CWE
Published
4/6/2022
Updated
1/27/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
remdex/livehelperchat | composer | < 3.67 | 3.67 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from two key issues in proxycss.php: 1) Direct parsing of user-controlled $_GET parameters without FILTER_VALIDATE_URL validation, and 2) Reliance on parse_url's port/scheme checks without considering URL structure manipulation. The patch added FILTER_VALIDATE_URL checks to both parameters, indicating these were the vulnerable entry points. The pre-patch code's port validation (checking [80,443]) could be bypassed through URLs with embedded ports in the host section (e.g., http://attacker.com:80@evil.com), which parse_url would interpret as port 80 for attacker.com while actually connecting to evil.com on arbitrary ports.