X7 Group: >> X7 Chat >> 1.3.6 Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
CVSS Score
6.8
EPSS Score
0.003
Published
2012-11-27
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
CVSS Score
7.5
EPSS Score
0.015
Published
2008-10-23
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
CVSS Score
6.0
EPSS Score
0.003
Published
2008-01-15
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVSS Score
6.4
EPSS Score
0.137
Published
2006-05-03