CVE-2012-6047

Published: Nov 27, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.

Affected (16)

Products: X7 Group: X7 Chat

X7 Group

1 product

X7 Chat

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
X7 Group X7 Chat	Up to 2.0.5.1
X7 Group X7 Chat	Version 1.0.0b
X7 Group X7 Chat	Version 1.1.1b
X7 Group X7 Chat	Version 1.1.2b
X7 Group X7 Chat	Version 1.2.0b
X7 Group X7 Chat	Version 1.3.0b
X7 Group X7 Chat	Version 1.3.1b
X7 Group X7 Chat	Version 1.3.2b
X7 Group X7 Chat	Version 1.3.3b
X7 Group X7 Chat	Version 1.3.4b
X7 Group X7 Chat	Version 1.3.5b
X7 Group X7 Chat	Version 1.3.6
X7 Group X7 Chat	Version 2.0.0
X7 Group X7 Chat	Version 2.0.2
X7 Group X7 Chat	Version 2.0.3
X7 Group X7 Chat	Version 2.0.4.4

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://www.exploit-db.com/exploits/18850

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/18850

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.