CVE-2014-8998

Опубликовано: 20 нояб. 2014

Источник: nvd

CVSS2: 6.5

EPSS Средний

Описание

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:x7chat:x7_chat:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.0:a1:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.0:a2:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.0:a3:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.0:b1:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.0:b2:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.1:a1:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.4.4:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:x7chat:x7_chat:2.0.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.66001

Средний

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-f5vg-hj9x-r48m

github

больше 3 лет назад