Arbitrary PHP Code Execution in X7 Chat 2.0.0 through 2.0.5.1

Arbitrary PHP Code Execution in X7 Chat 2.0.0 through 2.0.5.1

CVE-2014-8998 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

Learn more about our User Device Pen Test.