Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpkit phpkit vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
Phpkit Phpkit 1.6.6
NA
CVE-2015-1052
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote malicious users to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.
Phpkit Phpkit 1.6.6
NA
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include...
Phpkit Phpkit 1.6.4pl1
NA
CVE-2007-6134
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote malicious users to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
Phpkit Phpkit 1.6.4pl1
1 EDB exploit
NA
CVE-2006-7115
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote malicious users to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
Phpkit Phpkit 1.6.1
NA
CVE-2007-0179
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote malicious users to execute arbitrary SQL commands via the subid parameter.
Phpkit Phpkit 1.6.1
1 EDB exploit
NA
CVE-2006-1773
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php.
Phpkit Phpkit
1 EDB exploit
NA
CVE-2006-1507
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote malicious users to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
Phpkit Phpkit 1.6.03
NA
CVE-2006-0786
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and previous versions, with allow_url_fopen enabled, allows remote malicious users to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which byp...
Phpkit Phpkit
1 EDB exploit
NA
CVE-2006-0785
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and previous versions allows remote malicious users to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (s...
Phpkit Phpkit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »