Help Center Live Administrator Command Execution Vulnerability

Help Center Live Administrator Command Execution Vulnerability

Help Center Live is prone to an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands.

This issue permits a remote attacker to create a malicious URI link that performs some administrator function. If an unsuspecting forum administrator activates this URI, the attacker-supplied command would be carried out with the administrator's privileges. This occurs in the security context of the affected Web site and would cause various administrator actions to be taken.

These issues have reportedly been addressed in the latest release of Help Center Live, this information has not been confirmed by Symantec or the vendor.