CVE-2012-6047
x7_chat < 2.0.5.1 - Cross-Site Request Forgery via Admin Panel User Group Addition
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6047. PoCs published by DennSpec.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in X7 Chat 2.0.5.1, allowing an attacker to elevate a registered user to administrator status by tricking an admin into visiting a malicious page.
Description
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
Exploits (1)
This exploit demonstrates a CSRF vulnerability in X7 Chat 2.0.5.1, allowing an attacker to elevate a registered user to administrator status by tricking an admin into visiting a malicious page.