Vulnerabilities > Phpkit

DATE CVE VULNERABILITY TITLE RISK
2019-05-24 CVE-2016-10758 Unrestricted Upload of File with Dangerous Type vulnerability in PHPkit 1.6.6
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
network
low complexity
phpkit CWE-434
6.5
2015-01-15 CVE-2015-1052 Cross-site Scripting vulnerability in PHPkit 1.6.6
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.
network
phpkit CWE-79
4.3
2009-09-09 CVE-2008-7193 Cross-Site Request Forgery (CSRF) vulnerability in PHPkit 1.6.4Pl1
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.
network
phpkit CWE-352
6.8
2007-11-27 CVE-2007-6134 SQL Injection vulnerability in PHPkit 1.6.4Pl1
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
network
low complexity
phpkit CWE-89
7.5
2007-01-11 CVE-2007-0179 SQL Injection vulnerability in PHPkit 1.6.1
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.
network
low complexity
phpkit
7.5
2006-04-13 CVE-2006-1773 SQL Injection vulnerability in PHPKIT Include.PHP
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php.
network
low complexity
phpkit
6.4
2006-03-30 CVE-2006-1507 Cross-Site Scripting vulnerability in PHPkit 1.6.03
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
network
phpkit
6.8
2006-02-19 CVE-2006-0786 Remote Security vulnerability in PHPKIT
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.
network
high complexity
phpkit
5.1
2006-02-19 CVE-2006-0785 File-Upload vulnerability in PHPKIT
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
network
low complexity
phpkit
6.4
2005-12-20 CVE-2005-4424 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a ..
network
low complexity
phpkit
6.5