| VID | 210007 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | X7 Chat is affected by a local file include vulnerability via the 'help_file' parameter. X7 Chat is free, open source, web-based chat software written in PHP. X7 Chat version 2.0 and earlier versions do not properly validate user-supplied input passed to the 'help_file' parameter of the 'help/index.php' script. A remote attacker could exploit this vulnerability to view arbitrary files or to execute arbitrary PHP script code on the vulnerable system in the security context of the Web server process.
* References:
  * http://www.securityfocus.com/archive/1/archive/1/432716/100/0/threaded
  * http://secunia.com/advisories/19886
  * http://www.frsirt.com/english/advisories/2006/1608
* Platforms Affected: X7 Group, X7 Chat version 2.0 and earlier versions; Any operating system, Any version |
| Recommendation | Upgrade to the latest version of X7 Chat (2.0.3 or later), available from the X7 Chat Download Web site at http://x7chat.com/ |
| Related URL | CVE-2006-2156 (CVE) |
| Related URL | 17777 (SecurityFocus) |
| Related URL | 26218 (ISS) |
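
A log check for the request pattern described above, as an added example that is not part of the original advisory or of X7 Chat's code: it flags requests to 'help/index.php' whose 'help_file' value is anything other than a bare topic name. The `/x7chat/` install path, the access-log format, the sample lines and the allowlist pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate help topic is a bare name, with no dots or slashes.
SAFE_TOPIC_RE = re.compile(r'[A-Za-z0-9_-]{1,64}')

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /x7chat/help/index.php?help_file=main HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /x7chat/help/index.php?help_file=..%2F..%2Fexample.txt HTTP/1.1" 200 1204',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /x7chat/help/index.php?help_file=%252e%252e%252fexample.txt HTTP/1.1" 200 1204',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /x7chat/index.php?room=lobby HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (handles double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_help_file(log_line):
    """Return the decoded help_file value if it is not a bare topic name, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not fully_decode(url.path).lower().endswith("/help/index.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("help_file", []):
        value = fully_decode(raw)  # parse_qs already removed one encoding layer
        if not SAFE_TOPIC_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line index, decoded value) for every flagged request."""
    return [(i, v) for i, line in enumerate(lines) if (v := suspicious_help_file(line)) is not None]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: help_file={value!r}")
```

A hit on an installation older than the recommended 2.0.3 is worth triaging together with the response size and status of the same request.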