Full title: X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution Exploit Category: remote exploits Platform: php This Metasploit module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which uses preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote machine. # 0day.today @ http://0day.today/