Vulnerabilities > Phpkit > Phpkit > 1.6.1

DATE CVE VULNERABILITY TITLE RISK
2007-01-11 CVE-2007-0179 SQL Injection vulnerability in PHPkit 1.6.1
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.
network
low complexity
phpkit
7.5
7.5
2005-12-20 CVE-2005-4424 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a ..
network
low complexity
phpkit
6.5
6.5
2005-11-16 CVE-2005-3554 Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
network
high complexity
phpkit CWE-94
5.1
5.1
2005-08-26 CVE-2005-2699 File-Upload vulnerability in PHPkit 1.6.1
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php.
local
low complexity
phpkit
4.6
4.6
2005-08-23 CVE-2005-2683 SQL Injection vulnerability in PHPkit 1.6.1
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.
network
low complexity
phpkit
7.5
7.5
2004-12-31 CVE-2004-1538 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
phpkit
7.5
7.5
2004-12-31 CVE-2004-1537 Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
network
phpkit
4.3
4.3