CVE-2008-7193
PHPKIT 1.6.4 PL1 is vulnerable to Cross-Site Request Forgery (CSRF) because the session ID is included in the URL. An attacker can read the PHPKITSID parameter from the HTTP Referer and reuse it to perform actions on behalf of a user, specifically (1) modify the user profile via upload_files/incl...