CVE-2012-6047

x7_chat < 2.0.5.1 - Cross-Site Request Forgery via Admin Panel User Group Addition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6047. PoCs published by DennSpec.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in X7 Chat 2.0.5.1, allowing an attacker to elevate a registered user to administrator status by tricking an admin into visiting a malicious page.

Description

Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by DennSpec · textwebappsphp
https://www.exploit-db.com/exploits/18850

This exploit demonstrates a CSRF vulnerability in X7 Chat 2.0.5.1, allowing an attacker to elevate a registered user to administrator status by tricking an admin into visiting a malicious page.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: X7 Chat <= 2.0.5.1
Auth required
Prerequisites: Registered user account on target X7 Chat instance · Admin user must visit the malicious page
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18850

Scores

EPSS 0.0095
EPSS Percentile 56.8%

Details

CWE
CWE-352
Status published
Products (16)
x7_group/x7_chat 1.0.0b
x7_group/x7_chat 1.1.1b
x7_group/x7_chat 1.1.2b
x7_group/x7_chat 1.2.0b
x7_group/x7_chat 1.3.0b
x7_group/x7_chat 1.3.1b
x7_group/x7_chat 1.3.2b
x7_group/x7_chat 1.3.3b
x7_group/x7_chat 1.3.4b
x7_group/x7_chat 1.3.5b
... and 6 more
Published Nov 27, 2012
Tracked Since Feb 18, 2026