ID CVE-2006-7115
Summary SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
References
Vulnerable Configurations
  • cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
    cpe:2.3:a:phpkit:phpkit:1.6.1:rc2
CVSS
Base: 7.5 (as of 07-03-2007 - 14:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
refmap via4
bid 21002
bugtraq 20061110 PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
misc http://www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_(faq-faq.php)_Remote_SQL_Injection_Exploit.htm
osvdb 31265
secunia 17479
sreason 2357
xf phpkit-faq-sql-injection(30209)
Last major update 10-09-2008 - 20:47
Published 05-03-2007 - 20:19
Last modified 16-10-2018 - 12:29
Back to Top