CVE-2010-1652

HelpCenterLive 2.0.6 and 2.1.7 - Path Traversal via File Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1652. PoCs published by 41.w4r10r.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Help Center Live 2.0.6 via the 'file' parameter in module.php. The PoC shows how to read arbitrary files (e.g., /etc/passwd) using directory traversal sequences.

Description

Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 41.w4r10r · textwebappsphp
https://www.exploit-db.com/exploits/12421

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Help Center Live 2.0.6 via the 'file' parameter in module.php. The PoC shows how to read arbitrary files (e.g., /etc/passwd) using directory traversal sequences.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Help Center Live 2.0.6
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1009
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39615
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12421
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39732

Scores

EPSS 0.0286
EPSS Percentile 85.0%

Details

CWE
CWE-22
Status published
Products (2)
helpcenterlive/hcl 2.0.6
helpcenterlive/hcl 2.1.7
Published May 03, 2010
Tracked Since Feb 18, 2026