
34 matches found

NVD
added 2009/03/25 6:30 p.m. | 9 views

CVE-2008-6516

Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01762
Exploits: 1 | References: 2

Cvelist
added 2009/03/25 6:0 p.m. | 13 views

CVE-2008-6516

Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the...

AI score 6.7 | EPSS 0.01762
Exploits: 1 | References: 2

CVE
added 2009/03/25 6:0 p.m. | 34 views

CVE-2008-6516

CVE-2008-6516 affects phpKF-Portal 1.10 with directory traversal via nested dot-dot sequences to baslik.php (tema_dizin) and anket_yonetim.php (portal_ayarlarportal_dili). Descriptions indicate remote file inclusion is possible; CVSSv2 base score 7.5 (HIGH) with network exposure, no authenticatio...

CVSS 7.5 | AI score 6.9 | EPSS 0.01762
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2009/03/09 2:30 p.m. | 14 views

SQL injection

SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter...

CVSS 7.5 | AI score 9.1 | EPSS 0.00266
Exploits: 1 | References: 3

NVD
added 2009/03/09 2:30 p.m. | 7 views

CVE-2008-6443

SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter...

CVSS 7.5 | AI score 8.4 | EPSS 0.00266
Exploits: 1 | References: 3

Cvelist
added 2009/03/09 2:0 p.m. | 13 views

CVE-2008-6443

SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter...

AI score 8.4 | EPSS 0.00266
Exploits: 1 | References: 3

CVE
added 2009/03/09 2:0 p.m. | 44 views

CVE-2008-6443

CVE-2008-6443 describes a SQL injection in phpKF’s forum_duzen.php exploitable via the fno parameter. Affected behavior: remote attackers could modify or read database data by injecting arbitrary SQL. Root cause is improper input handling leading to SQL statement construction. The public referenc...

CVSS 7.5 | AI score 8.7 | EPSS 0.00266
Exploits: 1 | References: 3 | Affected Software: 1

exploitpack
added 2008/08/06 12:0 a.m. | 12 views

PHPKF-Portal 1.10 - baslik.php?tema_dizin Traversal Local File Inclusion

PHPKF-Portal 1.10 - baslik.php?tema_dizin Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/30566/info
phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability...

AI score 7.4
Exploits: 0

exploitpack
added 2008/08/06 12:0 a.m. | 11 views

PHPKF-Portal 1.10 - anket_yonetim.php?portal_ayarlarportal_dili Traversal Local File Inclusion

PHPKF-Portal 1.10 - anket_yonetim.php?portal_ayarlarportal_dili Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/30566/info
phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit...

AI score 7.4
Exploits: 0

Exploit DB
added 2008/08/06 12:0 a.m. | 13 views

PHPKF-Portal 1.10 - 'anket_yonetim.php?portal_ayarlarportal_dili' Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/30566/info
phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context ...

AI score 7.4
Exploits: 0

Exploit DB
added 2008/08/06 12:0 a.m. | 18 views

PHPKF-Portal 1.10 - 'baslik.php?tema_dizin' Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/30566/info
phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context ...

AI score 7.4
Exploits: 0

seebug.org
added 2008/07/23 12:0 a.m. | 11 views

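phpKF 'forum_duzen.php' SQL Injection Vulnerability

BUGTRAQ ID: 30318
CNCAN ID: CNCAN-2008072203
phpKF is a PHP-based web application. phpKF does not correctly handle user-submitted input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'forum_duzen.php' script lacks filtering of the user-submitted 'fno' parameter; by constructing a malicious SQL query as the parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. phpKF currently provides no solution: http://www.scriptcv.com/phpkf-forum-scripti.html...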

AI score 6.9
Exploits: 0

exploitpack
added 2008/07/21 12:0 a.m. | 10 views

PHPKF - forum_duzen.php SQL Injection

PHPKF - forum_duzen.php SQL Injection
source: https://www.securityfocus.com/bid/30318/info
phpKF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score 0.5
Exploits: 0

Exploit DB
added 2008/07/21 12:0 a.m. | 19 views

PHPKF - 'forum_duzen.php' SQL Injection

source: https://www.securityfocus.com/bid/30318/info
phpKF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, o...

AI score 7.4
Exploits: 0