Unrated severityNVD Advisory· Published Aug 8, 2007· Updated Apr 23, 2026

CVE-2007-4240

Description

The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.

Affected products

Helpcenterlive/Helpcenter Live
cpe:2.3:a:help_center_live:help_center_live:2.1.3a:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26352nvdVendor Advisory
osvdb.org/39400nvd
www.securityfocus.com/bid/25225nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35833nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000