← back
CVE-2014-8998

CVE-2014-8998

EPSS 36.8%
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
Affected products
n/a · n/a
public PoCs found3
exploitdbwww.exploit-db.com/exploits/35183unverifiedcve_referencepacketstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/35183unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/98513http://www.exploit-db.com/exploits/35183http://www.securityfocus.com/bid/71014