NVD

Id
35827  
Name
CVE-2014-8998  
Description
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-11-20  
Modified Date
2014-11-20  
Seq
2014-8998  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
183453 35827 CVE-2014-8998 http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html  View
183454 35827 CVE-2014-8998 35183  View
183455 35827 CVE-2014-8998 71014  View
183456 35827 CVE-2014-8998 x7chat-message-code-exec(98513)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16678 JVNDB-2014-005553 X7 Chat の lib/message.php における任意の PHP コードを実行される脆弱性 X7 Chat の lib/message.php には、任意の PHP コードを実行される脆弱性が存在します。 CVE-2014-8998 76291 CVE-2014-8998 35827 6.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005553.html 2014-11-05 2014-11-21 View