CVE-2005-1674

MEDIUM

Help Center Live - Cross-Site Request Forgery via view.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1674.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in HelpCenter Live! <= 1.2.7, including SQL injection, XSS, script injection, and CSRF. It provides specific examples of vulnerable code, exploitation techniques, and prerequisites like magic_quotes_gpc being disabled.

Description

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43814

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in HelpCenter Live! <= 1.2.7, including SQL injection, XSS, script injection, and CSRF. It provides specific examples of vulnerable code, exploitation techniques, and prerequisites like magic_quotes_gpc being disabled.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: HelpCenter Live! <= 1.2.7

No auth needed

Prerequisites: magic_quotes_gpc must be disabled for SQLi exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00076-05172005

Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0

Scores

CVSS v3 6.5

EPSS 0.0286

EPSS Percentile 84.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

helpcenterlive/help_center_live

Published May 19, 2005

Tracked Since Feb 18, 2026