$H4D0Wl33T

**Name of the Vulnerable Software and Affected Versions** PHPKIT version 1.6.4pl1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `contentid` parameter in an article action to include.php. **Recommendations** For PHPKIT version 1.6.4pl1, avoid using the `contentid` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the include.php module to minimize the risk of exploitation.