X7 Chat Index.PHP Local File Include Vulnerability

info
discussion
exploit
solution
references

X7 Chat Index.PHP Local File Include Vulnerability

X7 Chat is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.

An attacker may also be able to execute arbitrary code by way of uploaded avatars.

Versions 2.0 and earlier are reported vulnerable to this issue.