Lucene search

[email protected]CVE-2008-7193

HistorySep 09, 2009 - 7:30 p.m.

CVE-2008-7193

2009-09-0919:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-7193

phpkit

cross-site request forgery

csrf

remote code execution

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.4%

JSON

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.

Affected configurations

NVD

Node

phpkitphpkitMatch1.6.4pl1

CPENameOperatorVersion
phpkit:phpkitphpkiteq1.6.4pl1

CPE	Name	Operator	Version
phpkit:phpkit	phpkit	eq	1.6.4pl1

References

osvdb.org/50998

www.securityfocus.com/archive/1/487249/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/40033

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.4%

JSON

Related for CVE-2008-7193

nvd1 prion1 cvelist1