Phpkit

Phpkit

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-10758

Exploit
  • EPSS 0.4%
  • Veröffentlicht 24.05.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:40

PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.

4.3

CVE-2015-1052

Exploit
  • EPSS 0.38%
  • Veröffentlicht 15.01.2015 15:59:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.

6.8

CVE-2008-7193

  • EPSS 0.21%
  • Veröffentlicht 09.09.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile ...

7.5

CVE-2007-6134

  • EPSS 0.55%
  • Veröffentlicht 27.11.2007 19:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.

7.5

CVE-2006-7115

Exploit
  • EPSS 0.79%
  • Veröffentlicht 06.03.2007 01:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php...

7.5

CVE-2007-0179

Exploit
  • EPSS 0.71%
  • Veröffentlicht 11.01.2007 00:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.

6.4

CVE-2006-1773

Exploit
  • EPSS 0.6%
  • Veröffentlicht 13.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php.

6.8

CVE-2006-1507

Exploit
  • EPSS 1.17%
  • Veröffentlicht 30.03.2006 01:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.

6.4

CVE-2006-0785

Exploit
  • EPSS 0.33%
  • Veröffentlicht 19.02.2006 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/...

5.1

CVE-2006-0786

Exploit
  • EPSS 3.38%
  • Veröffentlicht 19.02.2006 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps ...