Vulnerabilities > Phpkit

DATE CVE VULNERABILITY TITLE RISK
2005-12-20 CVE-2005-4424 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a ..
network
low complexity
phpkit
6.5
2005-11-16 CVE-2005-3554 Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
network
high complexity
phpkit CWE-94
5.1
2005-11-16 CVE-2005-3553 SQL Injection vulnerability in PHPkit
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).
network
low complexity
phpkit CWE-89
7.5
2005-11-16 CVE-2005-3552 Cross-Site Scripting vulnerability in PHPkit
Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.
network
phpkit CWE-79
4.3
2005-08-26 CVE-2005-2699 File-Upload vulnerability in PHPkit 1.6.1
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php.
local
low complexity
phpkit
4.6
2005-08-23 CVE-2005-2683 SQL Injection vulnerability in PHPkit 1.6.1
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.
network
low complexity
phpkit
7.5
2004-12-31 CVE-2004-1879 HTML Injection vulnerability in PHPkit 1.6.03
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.
network
phpkit
4.3
2004-12-31 CVE-2004-1538 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
phpkit
7.5
2004-12-31 CVE-2004-1537 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
network
phpkit
4.3
2003-11-02 CVE-2003-1187 Cross-Site Scripting vulnerability in PHPkit 1.6.02/1.6.03
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
network
phpkit
6.8