PT-2005-3584 · Php · Phpkit

Phpkit

Published 2005-08-25 · Updated 2016-10-18 · CVE-2005-2699

CVSS v2.0 4.6 (Medium)

Vector AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHPKit version 1.6.1

Description

The issue allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using the "images.php" endpoint. This can be done by exploiting an unrestricted file upload vulnerability in the "admin/admin.php" file.

Recommendations

For PHPKit version 1.6.1, restrict access to the "images.php" endpoint to prevent uploading of malicious files, and consider implementing validation on uploaded files to prevent execution of arbitrary PHP code. As a temporary workaround, consider disabling the file upload functionality in the admin panel until a patch is available.

Fix

Related identifiers

CVE-2005-2699

Affected products

Phpkit