CVE-2016-10758

Name of the Vulnerable Software and Affected Versions PHPKIT version 1.6.6

Description The issue allows for arbitrary file upload. This can be demonstrated by uploading a .php file to specific API endpoints, such as "pkinc/admin/mediaarchive.php" and "pkinc/func/default.php", via the image name parameter.

Recommendations For PHPKIT version 1.6.6, consider restricting access to the "pkinc/admin/mediaarchive.php" and "pkinc/func/default.php" endpoints to minimize the risk of exploitation. Additionally, restrict the use of the image name parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.