CVE-2005-1673

Help Center Live - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1673.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in HelpCenter Live! <= 1.2.7, including SQL injection, XSS, script injection, and CSRF. It provides specific examples of vulnerable code, exploitation techniques, and prerequisites like magic_quotes_gpc being disabled.

Description

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.

Exploits (1)

exploitdb WRITEUP
webapps | php
https://www.exploit-db.com/exploits/43814

Classification: Writeup 100%
Attack Type: SQLi | XSS | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: HelpCenter Live! <= 1.2.7
No auth needed
Prerequisites: magic_quotes_gpc disabled on the server
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0

Scores

EPSS 0.0112
EPSS Percentile 61.8%

Details

Status published
Products (1)
ubertec/help_center_live
Published May 19, 2005
Tracked Since Feb 18, 2026