ID CVE-2005-4424
Summary Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
References
Vulnerable Configurations
  • cpe:2.3:a:phpkit:phpkit:1.6.02
  • cpe:2.3:a:phpkit:phpkit:1.6.03
  • cpe:2.3:a:phpkit:phpkit:1.6.1
  • cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
CVSS
Base: 6.5 (as of 20-12-2005 - 09:37)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
NASL family CGI abuses
NASL id PHPKIT_MULTIPLE_FLAWS.NASL
description The remote host is running PHP-Kit, an open source content management system written in PHP. The remote version of this software is vulnerable to multiple remote and local code execution, SQL injection and cross-site scripting flaws.
last seen 2019-02-21
modified 2018-11-15
plugin id 15784
published 2004-11-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15784
title PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
refmap via4
bid 15354
bugtraq 20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT
misc http://www.hardened-php.net/advisory_212005.80.html
osvdb 20562
secunia 17479
sreason 157
xf phpkit-avatar-file-include(23014)
Last major update 05-09-2008 - 16:56
Published 20-12-2005 - 06:03
Last modified 19-07-2017 - 21:29