CVE-2012-6047
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| x7_group | x7_chat | {"endIncluding":"2.0.5.1"} | |
| x7_group | x7_chat | 1.0.0b | |
| x7_group | x7_chat | 1.1.1b | |
| x7_group | x7_chat | 1.1.2b | |
| x7_group | x7_chat | 1.2.0b | |
| x7_group | x7_chat | 1.3.0b | |
| x7_group | x7_chat | 1.3.1b | |
| x7_group | x7_chat | 1.3.2b | |
| x7_group | x7_chat | 1.3.3b | |
| x7_group | x7_chat | 1.3.4b | |
| x7_group | x7_chat | 1.3.5b | |
| x7_group | x7_chat | 1.3.6 | |
| x7_group | x7_chat | 2.0.0 | |
| x7_group | x7_chat | 2.0.2 | |
| x7_group | x7_chat | 2.0.3 | |
| x7_group | x7_chat | 2.0.4.4 | |
References
CWEs
CWE-352
Verify integrity in audit chain (admin only). AS-IS.