CVE-2014-8998

X7 Chat <2.0.5.1 - Authenticated RCE

Title source: llm

Description

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/35183

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/x7chat2_php_exec.rb

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.com/files/128964/X7-Chat-2.0.5-lib-message.php-preg_replace-PHP-Code-Execution.html

[Exploit] http://www.exploit-db.com/exploits/35183

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/71014

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/98513

Scores

EPSS 0.6600

EPSS Percentile 98.5%

Details

CWE

CWE-94

Status published

Products (10)

x7chat/x7_chat 2.0.0 (6 CPE variants)

x7chat/x7_chat 2.0.1 a1

x7chat/x7_chat 2.0.2

x7chat/x7_chat 2.0.3

x7chat/x7_chat 2.0.4

x7chat/x7_chat 2.0.4.1

x7chat/x7_chat 2.0.4.3

x7chat/x7_chat 2.0.4.4

x7chat/x7_chat 2.0.5

x7chat/x7_chat 2.0.5.1

Published Nov 20, 2014

Tracked Since Feb 18, 2026