Phpkit

Phpkit

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2005-4424

  • EPSS 1.7%
  • Veröffentlicht 20.12.2005 11:03:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename...

5.1

CVE-2005-3554

Exploit
  • EPSS 5.13%
  • Veröffentlicht 16.11.2005 07:42:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...

7.5

CVE-2005-3553

Exploit
  • EPSS 1.89%
  • Veröffentlicht 16.11.2005 07:42:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka ...

4.3

CVE-2005-3552

  • EPSS 1.42%
  • Veröffentlicht 16.11.2005 07:42:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter....

4.6

CVE-2005-2699

  • EPSS 0.15%
  • Veröffentlicht 26.08.2005 15:50:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administ...

7.5

CVE-2005-2683

Exploit
  • EPSS 0.46%
  • Veröffentlicht 23.08.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.

4.3

CVE-2004-1879

  • EPSS 0.34%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.

7.5

CVE-2004-1538

Exploit
  • EPSS 0.6%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

4.3

CVE-2004-1537

Exploit
  • EPSS 0.42%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.

6.8

CVE-2003-1187

Exploit
  • EPSS 0.66%
  • Veröffentlicht 02.11.2003 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.