Описание
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.5.1 (включая)
Одно из
cpe:2.3:a:x7_group:x7_chat:*:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.1.1b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.1.2b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.2.0b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.0b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.1b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.2b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.3b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.4b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.5b:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:x7_group:x7_chat:2.0.4.4:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00211
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
EPSS
Процентиль: 44%
0.00211
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352