CVE-2006-0785

Name of the Vulnerable Software and Affected Versions PHPKIT versions 1.6.1 Release 2 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter. This can be achieved by using a null character and beginning the path with either a slash (/) for an absolute pathname or a drive letter (such as "C:"). This method bypasses checks for ".." sequences and trailing ".php" extensions.

Recommendations For PHPKIT versions 1.6.1 Release 2 and earlier, consider restricting access to the include.php file until a patch is available. As a temporary workaround, avoid using the path parameter in direct requests to prevent exploitation.