Vulnerabilities > CVE-2006-0785 - File-Upload vulnerability in PHPKIT
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
|NASL family||CGI abuses|
|description||The remote host is running PHP-Kit, an open source content management system written in PHP. The remote version of this software is vulnerable to multiple remote and local code execution, SQL injection and cross-site scripting flaws.|
|reporter||This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.|
|title||PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities|