CVE-2006-0786

Name of the Vulnerable Software and Affected Versions PHPKIT versions 1.6.1 Release 2 and earlier

Description The issue allows remote attackers to conduct PHP remote file include attacks via a path parameter. This can be achieved by specifying a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs. This is possible when allow url fopen is enabled.

Recommendations For PHPKIT versions 1.6.1 Release 2 and earlier, consider disabling the allow url fopen setting to prevent remote file inclusion attacks. Additionally, restrict access to the include.php file to minimize the risk of exploitation.