ID CVE-2006-0786
Summary Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.
References
Vulnerable Configurations
  • cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
    cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
CVSS
Base: 5.1 (as of 20-02-2006 - 10:25)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit. CVE-2006-0786. Webapps exploit for php platform
id EDB-ID:1501
last seen 2016-01-31
modified 2006-02-16
published 2006-02-16
reporter rgod
source https://www.exploit-db.com/download/1501/
title PHPKIT <= 1.6.1R2 filecheck Remote Commands Execution Exploit
nessus via4
NASL family CGI abuses
NASL id PHPKIT_MULTIPLE_FLAWS.NASL
description The remote host is running PHP-Kit, an open source content management system written in PHP. The remote version of this software is vulnerable to multiple remote and local code execution, SQL injection and cross-site scripting flaws.
last seen 2019-02-21
modified 2018-11-15
plugin id 15784
published 2004-11-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15784
title PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
refmap via4
bugtraq 20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)
misc http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html
sectrack 1015640
sreason 445
Last major update 05-09-2008 - 17:00
Published 19-02-2006 - 06:02
Last modified 18-10-2018 - 12:29
Back to Top