PT-2005-4343 · Php · Phpkit
Published 2005-11-16 · Updated 2017-07-11 · CVE-2005-3554
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHPKIT versions 1.6.1 R2 and earlier
Description
The help function of PHPKIT contains multiple eval injection vulnerabilities. When the PHP register_globals setting is enabled, remote attackers can execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
Recommendations
For PHPKIT versions 1.6.1 R2 and earlier, disable the register_globals setting to prevent exploitation of this issue. Additionally, consider disabling the help function until a patch is available.
Exploit
Fix
RCE
Code Injection
Affected Products
Phpkit