Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
Software | From | Fixed in |
---|---|---|
x7_group / x7_chat | - | 2.0.1.x |
x7_group / x7_chat | 1.0.0b | 1.0.0b.x |
x7_group / x7_chat | 1.1.1b | 1.1.1b.x |
x7_group / x7_chat | 1.1.2b | 1.1.2b.x |
x7_group / x7_chat | 1.2.0b | 1.2.0b.x |
x7_group / x7_chat | 1.3.0b | 1.3.0b.x |
x7_group / x7_chat | 1.3.1b | 1.3.1b.x |
x7_group / x7_chat | 1.3.2b | 1.3.2b.x |
x7_group / x7_chat | 1.3.3b | 1.3.3b.x |
x7_group / x7_chat | 1.3.4b | 1.3.4b.x |
x7_group / x7_chat | 1.3.5b | 1.3.5b.x |
x7_group / x7_chat | 1.3.6 | 1.3.6.x |
x7_group / x7_chat | 2.0.0 | 2.0.0.x |