CVE-2014-8998

2014-11-20T08:55:07
ID CVE-2014-8998
Type cve
Reporter NVD
Modified 2017-09-07T21:29:31

Description

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.