Description
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by DennSpec · textwebappsphp
https://www.exploit-db.com/exploits/18850
References (1)
Core 1
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18850
Scores
EPSS
0.0021
EPSS Percentile
43.5%
Details
CWE
CWE-352
Status
published
Products (16)
x7_group/x7_chat
1.0.0b
x7_group/x7_chat
1.1.1b
x7_group/x7_chat
1.1.2b
x7_group/x7_chat
1.2.0b
x7_group/x7_chat
1.3.0b
x7_group/x7_chat
1.3.1b
x7_group/x7_chat
1.3.2b
x7_group/x7_chat
1.3.3b
x7_group/x7_chat
1.3.4b
x7_group/x7_chat
1.3.5b
... and 6 more
Published
Nov 27, 2012
Tracked Since
Feb 18, 2026