ID CVE-2006-1773
Summary SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php.
References
Vulnerable Configurations
  • cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
    cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
CVSS
Base: 6.4 (as of 13-04-2006 - 17:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
exploit-db via4
description PHPKIT 1.6.1 R2 Include.PHP SQL Injection Vulnerability. CVE-2006-1773. Webapps exploit for php platform
id EDB-ID:27624
last seen 2016-02-03
modified 2006-04-11
published 2006-04-11
reporter Hamid Ebadi
source https://www.exploit-db.com/download/27624/
title PHPKIT 1.6.1 R2 Include.PHP SQL Injection Vulnerability
nessus via4
NASL family CGI abuses
NASL id PHPKIT_MULTIPLE_FLAWS.NASL
description The remote host is running PHP-Kit, an open source content management system written in PHP. The remote version of this software is vulnerable to multiple remote and local code execution, SQL injection and cross-site scripting flaws.
last seen 2019-02-21
modified 2018-11-15
plugin id 15784
published 2004-11-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=15784
title PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
refmap via4
bid 17467
misc http://www.hamid.ir/security/phpkit.txt
sectrack 1015888
xf phpkit-contentid-sql-injection(25743)
Last major update 05-09-2008 - 17:02
Published 13-04-2006 - 06:02
Last modified 19-07-2017 - 21:30
Back to Top