SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat
Description
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypassing the fix for CVE-2022-1191.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SSRF filter bypass in Live Helper Chat prior to 3.67v allows arbitrary requests by abusing how PHP's parse_url extracts the port from a URL with two port-like segments.
Vulnerability
A server-side request forgery (SSRF) filter bypass vulnerability exists in GitHub repository livehelperchat/livehelperchat versions prior to 3.67v. The application implements a filter intended to restrict requests to ports 80 and 443 only [2]. However, the PHP parse_url function, when processing a URL such as http://evil:8888:80, treats the last colon-separated segment as the port (80) and leaves the hostname as evil:8888, so the port check passes [3]. The issue affects the co-browse functionality, where the base and css GET parameters are validated [3]. The filter being bypassed was the fix for CVE-2022-1191 [2].
Exploitation
An attacker can send a crafted URL to the Live Helper Chat instance, for example via the co-browse feature's base parameter. By using a URL with multiple ports (e.g., http://evil:8888:80), the PHP parse_url function extracts port 80 (allowed) but the actual hostname becomes evil:8888, which is not blocked by the filter [3]. The attacker does not need authentication; any user with access to the chat interface can trigger the request. The attacker must be able to send a request to the vulnerable endpoint (e.g., via a chat widget or direct HTTP request) [1][4].
Impact
Successful exploitation allows the attacker to make arbitrary HTTP requests from the server, which can be used to probe internal networks, access local services, or interact with cloud metadata endpoints. This SSRF can lead to information disclosure, potential compromise of internal resources, or further attacks. The attacker gains the ability to issue requests with the server's IP address, bypassing the intended port restriction [2][4].
Mitigation
The vulnerability is fixed in version 3.67v of Live Helper Chat [2]. The fix, implemented in commit abc9599 [3], validates the supplied URL with filter_var and FILTER_VALIDATE_URL before parsing it; a host segment such as evil:8888 fails hostname validation, so the multi-port form is rejected before the existing scheme and port allowlist runs. Users should upgrade to version 3.67v or later. No workaround is available; patching is required. The CVE is not listed in the CISA KEV [2].
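To make the parse_url behaviour and the effect of the fix concrete, here is an added example (not Live Helper Chat's own code) that places the pre-fix check from proxycss.php beside the post-fix check and runs both over a few constructed URLs, including the multi-port shape described above. The function names and sample URLs are assumptions for illustration.

```php
<?php
// Added example, not the project's code. Reproduces the pre-fix and
// post-fix validation from lhc_web/modules/lhcobrowse/proxycss.php.

/** Pre-fix logic: parse_url only, then an allowlist on scheme and port. */
function allowedBeforeFix(string $base): bool
{
    $url = parse_url($base);
    if ($url === false) {
        return false;
    }
    // Only http/https supported, and only ports 80/443 (or no explicit port)
    if (!isset($url['scheme']) || !in_array($url['scheme'], ['http', 'https'], true)) {
        return false;
    }
    if (isset($url['port']) && !in_array($url['port'], [80, 443], true)) {
        return false;
    }
    return true;
}

/** Post-fix logic: trim, reject anything FILTER_VALIDATE_URL refuses, then the old check. */
function allowedAfterFix(string $base): bool
{
    $base = trim($base);
    // A host segment containing a colon (evil:8888) is not a valid hostname,
    // so filter_var rejects the multi-port form before parse_url is consulted.
    if (!filter_var($base, FILTER_VALIDATE_URL)) {
        return false;
    }
    return allowedBeforeFix($base);
}

// Constructed sample inputs (hostnames are placeholders).
$samples = [
    'http://example.com/style.css',        // well-formed, port implicit
    'https://example.com:443/style.css',   // explicit allowed port
    'http://example.com:8888/style.css',   // disallowed port, blocked by both
    'http://evil:8888:80/style.css',       // CVE-2022-1213 shape: host "evil:8888", port 80
];

foreach ($samples as $s) {
    $u = parse_url($s);
    printf("%-36s host=%-12s port=%-4s before=%s after=%s\n",
        $s, $u['host'] ?? '-', $u['port'] ?? '-',
        allowedBeforeFix($s) ? 'allow' : 'deny',
        allowedAfterFix($s) ? 'allow' : 'deny');
}
```

The last row is the interesting one: parse_url reports port 80 and host evil:8888, the pre-fix check allows it, and the post-fix check denies it.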
[1] GitHub - LiveHelperChat/livehelperchat: Live Helper Chat - live support for your website. Featuring web and mobile apps, Voice & Video & ScreenShare. Supports Telegram, Twilio (whatsapp), Facebook messenger including building a bot.
[2] NVD - CVE-2022-1213
[3] fix #1752 · LiveHelperChat/livehelperchat@abc9599
[4] SSRF Filter bypass port 80, 433
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| remdex/livehelperchat (Packagist) | < 3.67 | 3.67 |
Affected products
3 entries:
- osv-coords, 2 versions:
  - (no CPE) range: < 3.97.0
  - (no CPE) range: < 3.67
- livehelperchat/livehelperchat/livehelperchat (v5), range: unspecified
Patches
1 patch: abc9599ee7ad - fix #1752
1 file changed · +8 −2
lhc_web/modules/lhcobrowse/proxycss.php+8 −2 modified@@ -15,7 +15,13 @@ $browse = erLhcoreClassCoBrowse::getBrowseInstance($chat); } -$url = parse_url($_GET['base']); +$base = trim($_GET['base']); + +if (!filter_var($base, FILTER_VALIDATE_URL)) { + exit; +} + +$url = parse_url($base); // Only http/https supported if (!in_array($url['scheme'],['http','https']) || (isset($url['port']) && !in_array($url['port'],[80,443]))) { @@ -42,7 +48,7 @@ } } else { - if (!in_array($urlCSS['scheme'],['http','https']) || (isset($urlCSS['port']) && !in_array($urlCSS['port'],[80,443]))) { + if (!filter_var($_GET['css'], FILTER_VALIDATE_URL) || !in_array($urlCSS['scheme'],['http','https']) || (isset($urlCSS['port']) && !in_array($urlCSS['port'],[80,443]))) { exit; }
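Review bot: in the first hunk (proxycss.php @@ -15,7 +15,13 @@), the new `filter_var($base, FILTER_VALIDATE_URL)` gate closes the multi-port form only because a host segment containing a colon fails hostname validation; FILTER_VALIDATE_URL is a syntax check and accepts any well-formed host, so the retained scheme/port allowlist still does not decide which hosts the proxy may fetch from. Consider adding a host allowlist (or a check on the resolved address) next to it, and guard `trim($_GET['base'])` with `isset($_GET['base'])` so a missing parameter fails closed without a notice.

Review bot: in the second hunk (@@ -42,7 +48,7 @@), `filter_var($_GET['css'], FILTER_VALIDATE_URL)` validates the raw parameter while the scheme/port checks read `$urlCSS`, which is parsed outside this hunk; unlike `base` the value is not trimmed first, and the check is added only on the `else` branch. Confirm the preceding `if` branch cannot be reached with an attacker-controlled `css` value, and consider one shared helper (e.g. `validatedUrl($raw)` that trims, runs filter_var and parse_url, and applies the scheme/port allowlist) used for both `base` and `css` so the two paths cannot drift.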
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5 references:
- github.com/advisories/GHSA-hhr9-7xvh-8xgc (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-1213 (GHSA, advisory)
- github.com/LiveHelperChat/livehelperchat/issues/1752 (GHSA, web)
- github.com/livehelperchat/livehelperchat/commit/abc9599ee7aded466ca216741dcaea533c908111 (GHSA, x_refsource_MISC, web)
- huntr.dev/bounties/084387f6-5b9c-4017-baa2-5fcf65b051e1 (GHSA, x_refsource_CONFIRM, web)