CVE-2004-1499

HELM Control Panel 3.1.19 - Stored Cross-Site Scripting via Compose Message Subject Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1499. PoCs published by Behrang Fouladi.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in Helm Control Panel. The provided payload manipulates SQL queries to insert a new account with root privileges, bypassing authentication.

Description

Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Behrang Fouladi · textwebappsasp

https://www.exploit-db.com/exploits/24717

View Code ZIP pw:eip

The exploit demonstrates an SQL injection vulnerability in Helm Control Panel. The provided payload manipulates SQL queries to insert a new account with root privileges, bypassing authentication.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Helm Control Panel versions 3.1.19 and prior

No auth needed

Prerequisites: Access to the vulnerable Helm Control Panel interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Patch third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13079

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109943858026542&w=2

Vendor Advisory x_refsource_misc

http://www.hat-squad.com/en/000077.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11586

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17943

Scores

EPSS 0.0181

EPSS Percentile 75.9%

Details

Status published

Products (10)

webhost_automation/helm_control_panel 3.1.10

webhost_automation/helm_control_panel 3.1.11

webhost_automation/helm_control_panel 3.1.12

webhost_automation/helm_control_panel 3.1.13

webhost_automation/helm_control_panel 3.1.14

webhost_automation/helm_control_panel 3.1.15

webhost_automation/helm_control_panel 3.1.16

webhost_automation/helm_control_panel 3.1.17

webhost_automation/helm_control_panel 3.1.18

webhost_automation/helm_control_panel 3.1.19

Published Dec 31, 2004

Tracked Since Feb 18, 2026