Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).
References
Configurations
History
21 Nov 2024, 00:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html - | |
References | () http://secunia.com/advisories/17479 - | |
References | () http://securitytracker.com/id?1015167 - | |
References | () http://www.hardened-php.net/advisory_212005.80.html - Exploit, Vendor Advisory | |
References | () http://www.osvdb.org/20560 - | |
References | () http://www.osvdb.org/20561 - | |
References | () http://www.securityfocus.com/bid/15354 - | |
References | () http://www.vupen.com/english/advisories/2005/2344 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/23010 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/23013 - |
Information
Published : 2005-11-16 07:42
Updated : 2024-11-21 00:02
NVD link : CVE-2005-3553
Mitre link : CVE-2005-3553
CVE.ORG link : CVE-2005-3553
JSON object : View
Products Affected
phpkit
- phpkit
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')