CVE-2005-4424

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpkit:phpkit:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:phpkit:phpkit:1.6.1:rc2:*:*:*:*:*:*
cpe:2.3:a:phpkit:phpkit:1.6.02:*:*:*:*:*:*:*
cpe:2.3:a:phpkit:phpkit:1.6.03:*:*:*:*:*:*:*

History

21 Nov 2024, 00:04

Type Values Removed Values Added
References () http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html - Vendor Advisory () http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html - Vendor Advisory
References () http://secunia.com/advisories/17479 - Vendor Advisory () http://secunia.com/advisories/17479 - Vendor Advisory
References () http://securityreason.com/securityalert/157 - () http://securityreason.com/securityalert/157 -
References () http://www.hardened-php.net/advisory_212005.80.html - Vendor Advisory () http://www.hardened-php.net/advisory_212005.80.html - Vendor Advisory
References () http://www.osvdb.org/20562 - () http://www.osvdb.org/20562 -
References () http://www.securityfocus.com/bid/15354 - () http://www.securityfocus.com/bid/15354 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/23014 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/23014 -

Information

Published : 2005-12-20 11:03

Updated : 2024-11-21 00:04


NVD link : CVE-2005-4424

Mitre link : CVE-2005-4424

CVE.ORG link : CVE-2005-4424


JSON object : View

Products Affected

phpkit

  • phpkit