PT-2011-02: PHP code Injection in Kayako Support Suite
Kayako Support Suite
Version: 3.70.02-stable and earlier
Severity level: High
Impact: Arbitrary PHP code execution
Access Vector: Network exploitable
Base Score: 6.5
CVE: not assigned
Kayako Support Suite is a HelpDesk system.
Positive Research Center has discovered PHP code injection vulnerability in Kayako Support Suite.
Application insufficiently verifies incoming data received via template editing form.
An attacker with administration privileges can inject arbitrary PHP code via template editing feature with an expression like: <<??arbitary_php_code??>>
Here is an example of URL script used for template editing: http://example.com/support/admin/index.php?_m=core&_a=edittemplate&templateid=11&templateupdate=register
The code is executed as user reqests from the page with modified template.
How to fix
Update your software up to the v4
25.11.2011 - Vendor is notified
25.11.2011 - Vendor gets vulnerability details
25.08.2011 - Vendor releases fixed version and details
29.12.2011 - Public disclosure
The vulnerability was discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: