X7 Group: >> X7 Chat >> 2.0 Security Vulnerabilities
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2006-07-25
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVSS Score
6.4
EPSS Score
0.137
Published
2006-05-03