Moderate

CVE-2005-4424 - Unspecified vulnerability in PHPkit

Publication: 2005-12-20

Summary

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.

Risk level (CVSS 6.5)

Moderate

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Phpkit Phpkit 1.6.1
  • Phpkit Phpkit 1.6.02
  • Phpkit Phpkit 1.6.03