Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and previous versions, with allow_url_fopen enabled, allows remote malicious users to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "", "ftp://", and "" URLs.
Vulnerable Product |
---|
phpkit phpkit |
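
The incomplete-blacklist pattern described above, next to an allowlist form, as an added example that is not PHPKIT's code. The denylist entries, page names, host names and base directory are constructed for the illustration.

```php
<?php
// Added illustration, not PHPKIT's include.php.
// Constructed denylist of URL prefixes (assumption, not taken from the product).
const DENYLIST = ['http://', 'https://', 'ftp://'];

// Denylist check: reject values that start with a listed prefix.
// Anything that is not listed is accepted, which is the weakness.
function denylist_allows(string $path): bool
{
    foreach (DENYLIST as $prefix) {
        if (stripos($path, $prefix) === 0) {
            return false;
        }
    }
    return true;
}

// Hardened form: the parameter is a key into a fixed map and is never
// used as a path. The page names are hypothetical.
const PAGES = ['news' => 'news.php', 'forum' => 'forum.php'];

function allowlist_resolve(string $page, string $baseDir): ?string
{
    if (!array_key_exists($page, PAGES)) {
        return null; // unknown key: nothing is included
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$page];
}

// Constructed sample inputs covering the two forms the advisory names.
$samples = [
    'ftp://files.example/page.php',            // on the denylist
    'ftps://files.example/page.php',           // scheme not on the denylist
    '\\\\fileserver.example\\share\\page.php', // UNC share, no scheme at all
    'news',                                    // legitimate page key
];

foreach ($samples as $s) {
    printf(
        "%-42s denylist=%-6s allowlist=%s\n",
        $s,
        denylist_allows($s) ? 'accept' : 'reject',
        allowlist_resolve($s, '/var/www/pages') ?? 'reject'
    );
}
```

The denylist rejects only the `ftp://` sample and accepts the other three, while the allowlist resolves `news` and rejects every other value.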