CVE-2005-1672

Help Center Live - Cross-Site Scripting via Multiple Input Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1672. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed technical analysis of multiple vulnerabilities in HelpCenter Live! <= 1.2.7, including SQL injection, XSS, script injection, and CSRF. It provides specific exploit examples, vulnerable code snippets, and technical explanations of the attack vectors.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43814

View Code ZIP pw:eip

This is a detailed technical analysis of multiple vulnerabilities in HelpCenter Live! <= 1.2.7, including SQL injection, XSS, script injection, and CSRF. It provides specific exploit examples, vulnerable code snippets, and technical explanations of the attack vectors.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: HelpCenter Live! <= 1.2.7

No auth needed

Prerequisites: magic_quotes_gpc set to off for SQLi exploitation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/398457

Various Sources x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00076-05172005

Scores

EPSS 0.0272

EPSS Percentile 84.1%

Details

Status published

Products (1)

ubertec/help_center_live

Published May 19, 2005

Tracked Since Feb 18, 2026