This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Phpkit | First view | 2007-11-27 |
| Product | Phpkit | Last view | 2009-09-09 |
| Version | 1.6.4pl1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:phpkit:phpkit | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.8 | 2009-09-09 | CVE-2008-7193 | PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php. |
| 7.5 | 2007-11-27 | CVE-2007-6134 | SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 50% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 50998 | PHPKIT upload_files/include.php Multiple Action CSRF |
| 38804 | PHPKIT pkinc/public/article.php contentid Parameter SQL Injection |
