ID CVE-2005-2699
Summary Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.
References
Vulnerable Configurations
  • cpe:2.3:a:phpkit:phpkit:1.6.1
CVSS
Base: 4.6 (as of 26-08-2005 - 13:36)
Impact:
Exploitability:
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
NASL family CGI abuses
NASL id PHPKIT_MULTIPLE_FLAWS.NASL
description The remote host is running PHP-Kit, an open source content management system written in PHP. The remote version of this software is vulnerable to multiple remote and local code execution, SQL injection and cross-site scripting flaws.
last seen 2019-02-21
modified 2018-11-15
plugin id 15784
published 2004-11-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15784
title PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
refmap via4
bugtraq 20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1
Last major update 17-10-2016 - 23:29
Published 26-08-2005 - 11:50