MidnightBSD

Advisories for x7chat

CVE-2014-8998 MEDIUM

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
x7chat x7_chat 2.0.2
x7chat x7_chat 2.0.4
x7chat x7_chat 2.0.5
x7chat x7_chat 2.0.0
x7chat x7_chat 2.0.1
x7chat x7_chat 2.0.5.1
x7chat x7_chat 2.0.4.3
x7chat x7_chat 2.0.3
x7chat x7_chat 2.0.4.1
x7chat x7_chat 2.0.4.4