X7 Group : Security Vulnerabilities, CVEs, CVSS score >= 5
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
Max CVSS
6.8
EPSS Score
0.16%
Published
2012-11-27
Updated
2012-11-27
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-08-13
Updated
2017-09-29
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
Max CVSS
7.5
EPSS Score
1.99%
Published
2008-10-23
Updated
2017-09-29
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
Max CVSS
6.0
EPSS Score
0.12%
Published
2008-01-15
Updated
2017-09-29
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2006-07-25
Updated
2017-10-19
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
Max CVSS
6.4
EPSS Score
1.43%
Published
2006-05-03
Updated
2018-10-18
6 vulnerabilities found