This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Phpkit First view 2007-11-27
Product Phpkit Last view 2009-09-09
Version 1.6.4pl1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:phpkit:phpkit

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2009-09-09 CVE-2008-7193

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.

7.5 2007-11-27 CVE-2007-6134

SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-352 Cross-Site Request Forgery (CSRF)
50% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

Open Source Vulnerability Database (OSVDB)

id Description
50998 PHPKIT upload_files/include.php Multiple Action CSRF
38804 PHPKIT pkinc/public/article.php contentid Parameter SQL Injection