Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpkit phpkit vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-2683
Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote malicious users to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.
Phpkit Phpkit 1.6.1
1 EDB exploit
NA
CVE-2005-2699
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access ...
Phpkit Phpkit 1.6.1
NA
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include...
Phpkit Phpkit 1.6.4pl1
NA
CVE-2006-1507
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote malicious users to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
Phpkit Phpkit 1.6.03
NA
CVE-2015-1052
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote malicious users to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.
Phpkit Phpkit 1.6.6
NA
CVE-2007-6134
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote malicious users to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
Phpkit Phpkit 1.6.4pl1
1 EDB exploit
NA
CVE-2004-1879
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote malicious users to inject arbitrary web script or HTML via forum messages.
Phpkit Phpkit 1.6.03
NA
CVE-2007-0179
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote malicious users to execute arbitrary SQL commands via the subid parameter.
Phpkit Phpkit 1.6.1
1 EDB exploit
NA
CVE-2006-7115
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote malicious users to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
Phpkit Phpkit 1.6.1
8.8
CVSSv3
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
Phpkit Phpkit 1.6.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2