2 matches found
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
The remote host is running Help Center Live, an open source, web-based help desk application written in PHP. The version of Help Center Live installed on the remote host has several administrative scripts that fail to exit if called without valid credentials. An unauthenticated attacker may be ab...
CVE-2007-4240
Help Center Live (hcl) 2.1.3a contains an authentication bypass in the check_logout function of class/auth.php. When administrative credentials are missing, the function redirects but does not exit, enabling an unauthenticated attacker to trigger actions via requests to admin/departments.php, adm...