phpkit

Top products

The 15 most recently published vulnerabilities affecting phpkit.

• CVE-2016-10758PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.8.8May 24, 2019
• CVE-2015-1052Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/p...4.3Jan 15, 2015
• CVE-2008-7193PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and ...6.8Sep 9, 2009
• CVE-2007-6134SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php,...7.5Nov 27, 2007
• CVE-2006-7115SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and ot...7.5Mar 6, 2007
• CVE-2007-0179SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.7.5Jan 11, 2007
• CVE-2006-1773SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/ne...6.4Apr 13, 2006
• CVE-2006-1507Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/l...6.8Mar 30, 2006
• CVE-2006-0786Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path ...5.1Feb 19, 2006
• CVE-2006-0785Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path para...6.4Feb 19, 2006
• CVE-2005-4424Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end o...6.5Dec 20, 2005
• CVE-2005-3554Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unk...5.1Nov 16, 2005
• CVE-2005-3553Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/...7.5Nov 16, 2005
• CVE-2005-3552Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) l...4.3Nov 16, 2005
• CVE-2005-2699Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ di...4.6Aug 25, 2005