Lucene search
HistoryNov 20, 2014 - 1:55 p.m.
CVE-2014-8998
cve
x7 chat
php code execution
security vulnerability
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.954 High
EPSS
Percentile
99.4%
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
Affected configurations
Node
x7chatx7_chatMatch2.0.0
ORx7chatx7_chatMatch2.0.0a1
ORx7chatx7_chatMatch2.0.0a2
ORx7chatx7_chatMatch2.0.0a3
ORx7chatx7_chatMatch2.0.0b1
ORx7chatx7_chatMatch2.0.0b2
ORx7chatx7_chatMatch2.0.1a1
ORx7chatx7_chatMatch2.0.2
ORx7chatx7_chatMatch2.0.3
ORx7chatx7_chatMatch2.0.4
ORx7chatx7_chatMatch2.0.4.1
ORx7chatx7_chatMatch2.0.4.3
ORx7chatx7_chatMatch2.0.4.4
ORx7chatx7_chatMatch2.0.5
ORx7chatx7_chatMatch2.0.5.1
Related
cvelist
cvelist
CVE-2014-8998
2014-11-20 11:00:00
nvd
nvd
CVE-2014-8998
2014-11-20 13:55:07
prion
prion
Code injection
2014-11-20 13:55:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.954 High
EPSS
Percentile
99.4%
Related for CVE-2014-8998