Shodan
Vulnerabilities
Vulnerable Software
Phpkit:  >> Phpkit  >> 1.6.1  Security Vulnerabilities
CVE-2006-7115
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
CVSS Score
7.5
EPSS Score
0.008
Published
2007-03-06
CVE-2007-0179
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-01-11
CVE-2005-4424
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
CVSS Score
6.5
EPSS Score
0.017
Published
2005-12-20
CVE-2005-3554
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
CVSS Score
5.1
EPSS Score
0.051
Published
2005-11-16
CVE-2005-2699
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-08-26
CVE-2005-2683
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2005-08-23
CVE-2004-1537
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-12-31
CVE-2004-1538
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved