Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
Max CVSS
6.8
EPSS Score
0.60%
Published
2006-03-30
Updated
2018-10-18
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
Max CVSS
6.5
EPSS Score
0.53%
Published
2005-12-20
Updated
2017-07-20
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
Max CVSS
5.1
EPSS Score
6.44%
Published
2005-11-16
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.
Max CVSS
4.3
EPSS Score
0.26%
Published
2004-12-31
Updated
2017-07-11
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2004-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
Max CVSS
4.3
EPSS Score
0.31%
Published
2004-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
Max CVSS
6.8
EPSS Score
1.05%
Published
2003-11-02
Updated
2017-07-11
7 vulnerabilities found