Vulnerabilities > Phpkit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-16 | CVE-2005-3554 | Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | 5.1 |
| 2005-11-16 | CVE-2005-3553 | SQL Injection vulnerability in PHPkit Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | 7.5 |
| 2005-11-16 | CVE-2005-3552 | Cross-Site Scripting vulnerability in PHPkit Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook. | 4.3 |
| 2005-08-26 | CVE-2005-2699 | File-Upload vulnerability in PHPkit 1.6.1 Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. | 4.6 |
| 2005-08-23 | CVE-2005-2683 | SQL Injection vulnerability in PHPkit 1.6.1 Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | 7.5 |
| 2004-12-31 | CVE-2004-1879 | HTML Injection vulnerability in PHPkit 1.6.03 Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. network phpkit | 4.3 |
| 2004-12-31 | CVE-2004-1538 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1537 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. network phpkit | 4.3 |