Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-7115 | 7.5 |
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php
|
16-10-2018 - 16:29 | 06-03-2007 - 01:19 | |
CVE-2005-4424 | 6.5 |
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename
|
20-07-2017 - 01:29 | 20-12-2005 - 11:03 | |
CVE-2005-3553 | 7.5 |
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka
|
11-07-2017 - 01:33 | 16-11-2005 - 07:42 | |
CVE-2005-3554 | 5.1 |
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables
|
11-07-2017 - 01:33 | 16-11-2005 - 07:42 | |
CVE-2005-3552 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.
|
11-07-2017 - 01:33 | 16-11-2005 - 07:42 |