VYPR
High severity · NVD Advisory · Published Mar 31, 2022 · Updated Aug 2, 2024

Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat

CVE-2022-1176

Description

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Loose type comparison in LiveHelperChat before 3.96 causes IDOR on multiple endpoints, allowing unauthorized data access.

Vulnerability

A loose comparison (== instead of ===) in the chat validation logic within LiveHelperChat prior to version 3.96 allows an Insecure Direct Object Reference (IDOR) attack on multiple endpoints. The vulnerable code is in the chat status validation function, where the chat hash is compared using == instead of strict type equality. This affects all versions before 3.96. [2][3]

Exploitation

An attacker can exploit this by manipulating the chat hash parameter in a request to an affected endpoint. Because PHP's loose comparison can treat values of different types as equal (e.g., "abc" == true evaluates to true), an attacker may craft a request that bypasses the ownership check without requiring a valid hash for a specific chat. The attack requires network access to the LiveHelperChat instance but no prior authentication or special privileges. [2][3]

Impact

Successful exploitation allows an attacker to read, modify, or delete chat messages and other chat-related data belonging to other users. This leads to unauthorized disclosure of sensitive information (confidentiality breach), potential data tampering (integrity breach), and disruption of chat operations. The attacker can perform actions on chats they do not own. [2]

Mitigation

The vulnerability is fixed in LiveHelperChat version 3.96. The fix changes the loose comparison == to a strict comparison === in the affected code path, ensuring proper type and value matching. [3] Users should update to version 3.96 or later. No workaround is provided for unpatched versions. As of the publication date (2022-03-31), no KEV listing is noted. [2]
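The PHP snippet below is an added example, not code from livehelperchat or from the advisory. It runs three versions of the chat-hash ownership check against the same set of constructed request payloads: the pre-3.96 loose comparison, the patched strict comparison, and a further hardened form that also rejects non-string input and compares in constant time. `ChatStub`, the three `hashMatches*` functions and the hash value are assumptions made for this example; `hash_equals` is PHP's built-in constant-time string comparison.

```php
<?php
// Added illustration for CVE-2022-1176; not code from livehelperchat.
// Shows why a loose (==) hash comparison is an insufficient ownership check
// and what the strict (===) form, plus a constant-time compare, looks like.

declare(strict_types=1);

// Stand-in for the chat record loaded by erLhcoreClassModelChat::fetch().
// The hash value is constructed for this example.
final class ChatStub
{
    public string $hash = 'f3c1a9e27b4d';
}

// Pre-3.96 style check (loose comparison). Kept only to show the failure:
// a non-empty string compares equal to boolean true, and on PHP 7 and
// earlier also to integer 0 (PHP 8 changed string/number comparison).
function hashMatchesLoose(ChatStub $chat, mixed $suppliedHash): bool
{
    return $chat->hash == $suppliedHash;
}

// Patched style (3.96): same type and same value are both required.
function hashMatchesStrict(ChatStub $chat, mixed $suppliedHash): bool
{
    return $chat->hash === $suppliedHash;
}

// Hardened variant: reject anything that is not a non-empty string up front,
// then compare in constant time so the check does not leak how many leading
// bytes of the hash matched.
function hashMatchesHardened(ChatStub $chat, mixed $suppliedHash): bool
{
    if (!is_string($suppliedHash) || $suppliedHash === '') {
        return false;
    }
    return hash_equals($chat->hash, $suppliedHash);
}

// Constructed request payloads, typed as json_decode() would produce them
// from a client body. Only the first one should ever be accepted.
$payloads = [
    'correct hash' => ['hash' => 'f3c1a9e27b4d'],
    'wrong hash'   => ['hash' => '000000000000'],
    'boolean true' => ['hash' => true],
    'integer zero' => ['hash' => 0],
    'null'         => ['hash' => null],
    'array'        => ['hash' => ['f3c1a9e27b4d']],
];

$chat = new ChatStub();

printf("%-14s %-7s %-7s %-9s\n", 'payload', 'loose', 'strict', 'hardened');
foreach ($payloads as $label => $payload) {
    printf(
        "%-14s %-7s %-7s %-9s\n",
        $label,
        hashMatchesLoose($chat, $payload['hash']) ? 'ACCEPT' : 'reject',
        hashMatchesStrict($chat, $payload['hash']) ? 'ACCEPT' : 'reject',
        hashMatchesHardened($chat, $payload['hash']) ? 'ACCEPT' : 'reject'
    );
}
```

Run it with PHP 8.0 or later (the `mixed` type hint needs 8.0). The strict and hardened checks accept only the first payload; the loose check additionally accepts the boolean payload, and on PHP 7 it would have accepted the integer 0 payload as well, which is the type-juggling behaviour the 3.96 patch removes.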

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                 Ecosystem   Affected versions   Patched versions
remdex/livehelperchat   Packagist   < 3.96              3.96

Affected products

3

Patches

1
72c0df160bfe

Type check

https://github.com/livehelperchat/livehelperchat · Remigijus Kiminas · Mar 30, 2022 · via ghsa
7 files changed · +7 −7
  • lhc_web/modules/lhwidgetrestapi/addmsguser.php · +1 −1 · modified
    @@ -29,7 +29,7 @@
     
             erLhcoreClassChatEventDispatcher::getInstance()->dispatch('chat.validstatus_chat',array('chat' => & $chat, 'valid_statuses' => & $validStatuses));
     
    -        if ($chat->hash == $payload['hash'] && (in_array($chat->status,$validStatuses)) && !in_array($chat->status_sub, array(erLhcoreClassModelChat::STATUS_SUB_SURVEY_COMPLETED, erLhcoreClassModelChat::STATUS_SUB_USER_CLOSED_CHAT, erLhcoreClassModelChat::STATUS_SUB_SURVEY_SHOW, erLhcoreClassModelChat::STATUS_SUB_CONTACT_FORM))) // Allow add messages only if chat is active
    +        if ($chat->hash === $payload['hash'] && (in_array($chat->status,$validStatuses)) && !in_array($chat->status_sub, array(erLhcoreClassModelChat::STATUS_SUB_SURVEY_COMPLETED, erLhcoreClassModelChat::STATUS_SUB_USER_CLOSED_CHAT, erLhcoreClassModelChat::STATUS_SUB_SURVEY_SHOW, erLhcoreClassModelChat::STATUS_SUB_CONTACT_FORM))) // Allow add messages only if chat is active
             {
                 $msgText = preg_replace('/\[html\](.*?)\[\/html\]/ms','',$payload['msg']);
     
    
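    Review bot: the strict comparison on the changed `if` line fixes the type-juggling case (a decoded JSON `true`, or on PHP 7 an integer 0, compared equal to any non-empty hash under `==`), but `$payload['hash']` is still a raw decoded value; consider guarding with `is_string($payload['hash'])` and comparing with `hash_equals($chat->hash, $payload['hash'])` so the check is also constant-time. Folding the hash test into the long status condition also makes it easy to miss in review; a dedicated early return on hash mismatch, before the status checks, would read more clearly.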
  • lhc_web/modules/lhwidgetrestapi/fetchmessage.php · +1 −1 · modified
    @@ -16,7 +16,7 @@
     
         $chat = erLhcoreClassModelChat::fetch($requestPayload['id']);
     
    -    if ($chat instanceof erLhcoreClassModelChat && $chat->hash == $requestPayload['hash'])
    +    if ($chat instanceof erLhcoreClassModelChat && $chat->hash === $requestPayload['hash'])
         {
             $msg = erLhcoreClassModelmsg::fetch($requestPayload['msg_id']);
     
    
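    Review bot: the hash check now correctly gates access to the chat, but the next context line fetches `$requestPayload['msg_id']` directly and these lines do not show the loaded message being confirmed to belong to `$chat` (for example `$msg->chat_id === $chat->id`); verify that this is enforced before the message is returned, otherwise a valid hash for one chat is not by itself a sufficient ownership check for an arbitrary message id.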
  • lhc_web/modules/lhwidgetrestapi/fetchmessages.php · +1 −1 · modified
    @@ -34,7 +34,7 @@
     
     $responseArray = array('status' => erLhcoreClassModelChat::STATUS_CLOSED_CHAT, 'status_sub' => erLhcoreClassModelChat::STATUS_SUB_DEFAULT);
     
    -if (is_object($chat) && $chat->hash == $requestPayload['hash'])
    +if (is_object($chat) && $chat->hash === $requestPayload['hash'])
     {
         erLhcoreClassChat::setTimeZoneByChat($chat);
         $chat->updateIgnoreColumns = array('last_msg_id');
    
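    Review bot: this file guards with `is_object($chat)` while the sibling endpoints in the same commit use `$chat instanceof erLhcoreClassModelChat`; use the `instanceof` form here too so that only a real chat model can satisfy the guard and so the seven checks stay identical and easy to audit.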
  • lhc_web/modules/lhwidgetrestapi/getmessagesnippet.php · +1 −1 · modified
    @@ -16,7 +16,7 @@
     
         $chat = erLhcoreClassModelChat::fetch($requestPayload['id']);
     
    -    if ($chat instanceof erLhcoreClassModelChat && $chat->hash == $requestPayload['hash'])
    +    if ($chat instanceof erLhcoreClassModelChat && $chat->hash === $requestPayload['hash'])
         {
     
             $msg = erLhcoreClassModelmsg::findOne(array('limit' => 1, 'sort' => 'id DESC', 'filtergt' => array('user_id' => 0), 'filter' => array('chat_id' => $chat->id)));
    
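    Review bot: the same one-token change is repeated across seven endpoints; suggest moving the check into a single helper on the chat model (one that wraps `is_string` plus `hash_equals`) and calling it from each endpoint, so a future endpoint cannot regress to `==`. The `findOne` call here is correctly scoped to the chat with `'filter' => array('chat_id' => $chat->id)`.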
  • lhc_web/modules/lhwidgetrestapi/initchat.php · +1 −1 · modified
    @@ -29,7 +29,7 @@
     
         erLhcoreClassChat::setTimeZoneByChat($chat);
     
    -    if ($chat->hash == $requestPayload['hash'])
    +    if ($chat->hash === $requestPayload['hash'])
         {
             // User online
             if ($chat->user_status != 0) {
    
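    Review bot: unlike the fetchmessage and sendmailsettings hunks, this one compares `$chat->hash` without a visible `instanceof` check on `$chat`; the preceding `setTimeZoneByChat($chat)` context line suggests it is already an object, but confirm that the fetch earlier in the file rejects a missing chat before this line, since reading `->hash` on a non-object is not a meaningful ownership check.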
  • lhc_web/modules/lhwidgetrestapi/sendmailsettings.php · +1 −1 · modified
    @@ -6,7 +6,7 @@
     
     $chat = erLhcoreClassModelChat::fetch($Params['user_parameters']['chat_id']);
     
    -if ($chat instanceof erLhcoreClassModelChat && $chat->hash == $Params['user_parameters']['hash'])
    +if ($chat instanceof erLhcoreClassModelChat && $chat->hash === $Params['user_parameters']['hash'])
     {
         if ($Params['user_parameters_unordered']['action'] == 'send') {
     
    
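    Review bot: the context line `$Params['user_parameters_unordered']['action'] == 'send'` still uses a loose comparison; on PHP 7 an integer 0 supplied as `action` compares equal to `'send'`, so for consistency with this fix change it to `===` as well (harmless on PHP 8, where that comparison already fails).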
  • lhc_web/modules/lhwidgetrestapi/uisettings.php · +1 −1 · modified
    @@ -16,7 +16,7 @@
     
         erLhcoreClassChat::setTimeZoneByChat($chat);
     
    -    if ($chat->hash == $requestPayload['hash'])
    +    if ($chat->hash === $requestPayload['hash'])
         {
             $outputResponse = array(
                 'operator' => 'operator',
    
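    Review bot: no test or documentation accompanies the change; add a regression test that submits non-string `hash` values (boolean true, integer 0, null, an array) to each of the seven endpoints and asserts rejection, and record in the release notes that 3.96 is the fixed version, since the commit title `Type check` does not say what the change addresses.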

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.