CVE-2005-3639

Help Center Live < 2.0.2 - Remote File Inclusion via osTicket File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3639. PoCs published by HACKERS PAL.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in Help Center Live, where unsanitized user input allows reading arbitrary files on the server. The example URL demonstrates accessing '/etc/passwd' via path traversal.

Description

PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.

Exploits (1)

exploitdb WRITEUP VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/26502

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in Help Center Live, where unsanitized user input allows reading arbitrary files on the server. The example URL demonstrates accessing '/etc/passwd' via path traversal.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Help Center Live (version not specified)

No auth needed

Prerequisites: Web server with Help Center Live installed · Access to the vulnerable endpoint

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15404

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17580

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/2451

Scores

EPSS 0.0275

EPSS Percentile 84.3%

Details

Status published

Products (1)

ubertec/help_center_live < 2.0.2

Published Nov 16, 2005

Tracked Since Feb 18, 2026