CVE-2014-8998

Published Nov 20, 2014

Last updated 7 years ago

CVSS info 6.5

Overview

Description: lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EE9C702-99D0-4D99-8479-3FDA0ABE1F1E"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.0:a1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4C37FD3-A2D0-4F3D-A451-D318F1160DEB"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.0:a2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B3A12CB-E0B8-460E-8AFF-38F4038D89F1"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.0:a3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B16D1C70-5AD8-4417-8A85-34D858F63592"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.0:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57E0CEAF-3425-457D-8BEB-1844968ECC5B"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.0:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA9CCE39-827E-403E-BB29-9AA032D978AF"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.1:a1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0775703-2E7E-474E-AF13-083BC92E0FDB"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D25741B-DA95-434A-ACE7-68E67E177538"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ED94660-2267-4466-BFCB-FC1ED3A9EC66"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C93B3F07-1CA8-445D-8488-251929ED6C35"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E51254DD-AFDC-4D2C-9206-B814B5FC2386"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29106DC5-15C2-4331-B3B2-5D7DB809A82A"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE980550-DE0E-417B-93E4-77E1BD7F10AC"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40B44AAC-B349-4154-A5BC-6E438610E959"
          },
          {
            "criteria": "cpe:2.3:a:x7chat:x7_chat:2.0.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64F825FB-80F2-4282-A82D-916CB0B4BAB7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References