Vulnerabilities > Phpkit > Phpkit > 1.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-11 | CVE-2007-0179 | SQL Injection vulnerability in PHPkit 1.6.1 SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. | 7.5 |
2005-12-20 | CVE-2005-4424 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. | 6.5 |
2005-11-16 | CVE-2005-3554 | Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | 5.1 |
2005-08-26 | CVE-2005-2699 | File-Upload vulnerability in PHPkit 1.6.1 Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. | 4.6 |
2005-08-23 | CVE-2005-2683 | SQL Injection vulnerability in PHPkit 1.6.1 Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | 7.5 |
2004-12-31 | CVE-2004-1538 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2004-12-31 | CVE-2004-1537 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. network phpkit | 4.3 |