X7 · X7 Chat · CVE-2012-6047
**Name of the Vulnerable Software and Affected Versions**
X7 Chat versions 2.0.5.1 and earlier
**Description**
A cross-site request forgery (CSRF) issue in "index.php" allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group. The affected request is the "users page" in an "adminpanel action".
**Recommendations**
For versions 2.0.5.1 and earlier, as a temporary workaround, consider restricting access to the adminpanel action in index.php until a patch is available. Avoid using the users page in the adminpanel to add users to groups until the issue is resolved.
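While access to the adminpanel action is being restricted, web server logs can be reviewed for adminpanel requests that did not originate from the chat's own pages. The following is an added example, not code from X7 Chat or from the advisory; the `act` query parameter name, the `chat.example.org` host name and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions, not taken from the advisory: the action is chosen by a query
# parameter named "act", and the chat is served from SITE_HOST.
ACTION_PARAM = "act"
SITE_HOST = "chat.example.org"

# Combined log format: ip - user [time] "METHOD uri PROTO" status size "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def is_adminpanel_request(uri):
    """True when the request targets index.php with the adminpanel action."""
    parts = urlsplit(uri)
    actions = parse_qs(parts.query).get(ACTION_PARAM, [])
    return parts.path.endswith("/index.php") and "adminpanel" in actions

def referer_verdict(referer, site_host=SITE_HOST):
    """Classify the Referer as same-site, cross-site or missing."""
    if referer in ("", "-"):
        return "missing"
    return "same-site" if urlsplit(referer).hostname == site_host else "cross-site"

def suspicious_adminpanel_hits(lines, site_host=SITE_HOST):
    """Return (time, ip, method, verdict) for adminpanel hits not reached from the site."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_adminpanel_request(m["uri"]):
            continue
        verdict = referer_verdict(m["referer"], site_host)
        if verdict != "same-site":
            hits.append((m["time"], m["ip"], m["method"], verdict))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2013:10:00:00 +0000] "POST /index.php?act=adminpanel HTTP/1.1" 200 512 "http://chat.example.org/index.php?act=adminpanel" "UA"',
    '203.0.113.20 - - [01/Jan/2013:10:05:00 +0000] "POST /index.php?act=adminpanel HTTP/1.1" 200 512 "http://other.example.net/page.html" "UA"',
    '203.0.113.30 - - [01/Jan/2013:10:06:00 +0000] "GET /index.php?act=adminpanel HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.40 - - [01/Jan/2013:10:07:00 +0000] "GET /index.php?act=frame HTTP/1.1" 200 512 "http://other.example.net/page.html" "UA"',
]

if __name__ == "__main__":
    for hit in suspicious_adminpanel_hits(SAMPLE_LOG):
        print(hit)
```

A missing Referer is only a weak signal, since browsers and proxies may strip it, and requests that carry the action in the POST body do not appear in the logged URI.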