PHP Live is a live support system for Web sites offered by phplivesupport.com. Its functions include unlimited operators, unlimited departments, chat initiation, click tracking, Web site traffic monitoring, and more.
PHP Live has a few good features:
- Real-time chat and support;
- Multiple chat requests at a time;
- Creating different departments;
- Tracking and collecting information for visitors;
- Saving the chat transcripts;
- Rating the customer service;
- Supporting your own chat logos;
- Tracking of the referred URLs;
- Multiple language support;
- Knowledge Base (FAQ) integration.
Other than the fact that PHP Live is not free like other PHP scripts, it also has some problematic security flaws. These flaws are made worse by the fact that owners of this product have to pay yearly to fix known flaws. Some examples are:
PHPLive version 3.2.1 and prior
A vulnerability has been identified in PHPLive that may be exploited by attackers to execute arbitrary commands. The flaw is due to input validation errors in the "help.php" and "setup/header.php" scripts, which fail to validate the "css_path" parameter; remote attackers could exploit this to include malicious files and execute arbitrary commands with the privileges of the web server.
PHPLive Helper version 2.0 and prior
A vulnerability has been identified in PHP Live Helper that could be exploited by attackers to execute arbitrary commands. The flaw is due to an input validation error in the "global.php" script, which fails to validate the "abs_path" parameter; remote attackers could exploit this to include malicious files and execute arbitrary commands with the privileges of the web server.
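One way to close this class of flaw, shown as an added example (constructed code, not PHP Live's source): canonicalise a request-supplied include prefix such as "css_path" or "abs_path" and accept it only when it is exactly one of the directories the application ships. The function name `resolve_include_base()`, the demo directory tree and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: constructed code, not PHP Live source.
// resolve_include_base() is a hypothetical helper name.

/**
 * Return the canonical directory for a request-supplied path prefix
 * (the role "css_path" / "abs_path" play above), or null if it is not
 * one of the directories the application ships.
 */
function resolve_include_base(string $requested, array $allowedDirs): ?string
{
    // NUL bytes make PHP 8 path functions throw; treat them as invalid input.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() resolves ".." and symlinks and only understands local
    // paths, so URL-style values do not resolve and come back false.
    $real = realpath($requested);
    if ($real === false || !is_dir($real)) {
        return null;
    }
    // Exact match against canonicalised allowlist entries: no prefix tests.
    foreach ($allowedDirs as $dir) {
        if (realpath($dir) === $real) {
            return $real;
        }
    }
    return null;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/include_demo_' . bin2hex(random_bytes(4));
mkdir("$root/css", 0700, true);
mkdir("$root/uploads", 0700, true);
$allowed = ["$root/css"];

$samples = [                        // constructed inputs
    "$root/css",                    // the shipped directory
    "$root/css/../uploads",         // traversal to a sibling directory
    "$root/uploads",                // exists but is not allowlisted
    "http://example.invalid/css",   // remote URL instead of a local path
];
foreach ($samples as $value) {
    $base = resolve_include_base($value, $allowed);
    printf("%-45s %s\n", $value, $base === null ? 'rejected' : 'accepted');
}
rmdir("$root/css"); rmdir("$root/uploads"); rmdir($root);
```

Keeping `allow_url_include` off in php.ini blocks remote URLs in `include` independently of this check.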