Lucene search

[email protected]NVD:CVE-2014-8998

HistoryNov 20, 2014 - 1:55 p.m.

CVE-2014-8998

2014-11-2013:55:07

CWE-94

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

Affected configurations

NVD

Node

x7chatx7_chatMatch2.0.0

x7chatx7_chatMatch2.0.0a1

x7chatx7_chatMatch2.0.0a2

x7chatx7_chatMatch2.0.0a3

x7chatx7_chatMatch2.0.0b1

x7chatx7_chatMatch2.0.0b2

x7chatx7_chatMatch2.0.1a1

x7chatx7_chatMatch2.0.2

x7chatx7_chatMatch2.0.3

x7chatx7_chatMatch2.0.4

x7chatx7_chatMatch2.0.4.1

x7chatx7_chatMatch2.0.4.3

x7chatx7_chatMatch2.0.4.4

x7chatx7_chatMatch2.0.5

x7chatx7_chatMatch2.0.5.1

References

packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html

www.exploit-db.com/exploits/35183

www.securityfocus.com/bid/71014

exchange.xforce.ibmcloud.com/vulnerabilities/98513

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON

Related for NVD:CVE-2014-8998

cve1 cvelist1 prion1