lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x7chat | x7_chat | 2.0.2 |
| x7chat | x7_chat | 2.0.4 |
| x7chat | x7_chat | 2.0.5 |
| x7chat | x7_chat | 2.0.0 |
| x7chat | x7_chat | 2.0.1 |
| x7chat | x7_chat | 2.0.5.1 |
| x7chat | x7_chat | 2.0.4.3 |
| x7chat | x7_chat | 2.0.3 |
| x7chat | x7_chat | 2.0.4.1 |
| x7chat | x7_chat | 2.0.4.4 |