161 matches found
EUVD-2008-7152
Malware in sbrugna...
CVE-2015-1052
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 Build 160014 allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php...
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter...
Design/Logic Flaw
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter...
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter...
CVE-2016-10758
CVE-2016-10758 (PHPKIT 1.6.6) : Affected component is PHPKIT 1.6.6. The vulnerability permits arbitrary file upload via the image_name parameter in pkinc/admin/mediaarchive.php and pkinc/func/default.php. The root cause is improper handling of file uploads, enabling potentially malicious PHP file...
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter...
PHPKit 1.6.6: Code Execution for Privileged Users
RIPS Analysis: Within only 24 seconds, the analysis with RIPS completed and uncovered critical security vulnerabilities, mainly in the administration section of the application. As we demonstrated in multiple previous calendar posts, these vulnerabilities can be chained with other vulnerabilities...
PHPKIT SQL Injection Vulnerability
PHPKIT is a Web-based content management system (CMS). The system provides forums, message boards and other modules. A SQL injection vulnerability exists in the PHPKIT b-day.php script, which originates from the program failing to adequately filter user-submitted input before constructing SQL query...
CVE-2015-1052
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 Build 160014 allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 Build 160014 allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php...
CVE-2015-1052
CVE-2015-1052 is a documented XSS vulnerability in PHPKIT 1.6.6 (Build 160014), exploitable via the result parameter to upload_files/pk/include.php. Multiple trusted sources (NVD, Red Hat, CVE listings, CNVD) reiterate that PHPKIT WCMS is affected by a stored/reflected-like XSS in the poll archiv...
CVE-2015-1052
Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 Build 160014 allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php...
CMS PHPKit WCMS 1.6.6 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Advisory ID: SROEADV-2014-07 Author: Steffen Rösemann Affected Software: CMS PHPKit WCMS v. 1.6.6 Build: 1660014 Vendor URL: http://www.phpkit.com/de/ Vendor Status: did not respond to issue CVE-ID: - ==========================...
PHPKIT WCMS 'include.php' cross-site scripting vulnerability
PHPKIT WCMS is a web-based content management system (CMS). The system provides modules such as forums and message boards. A cross-site scripting vulnerability exists in PHPKIT WCMS, which stems from the program failing to adequately filter user-submitted input. When a user browses the affected sit...
PHPKit 1.6.1 Comment.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21962/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromi...
PHPKIT 1.6 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11725/info It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit...
PHPKit <= 1.6.1 R2 overview.php SQL injection Vulnerability Exploit
No description provided by source. Information: +Name : PHPKit <= 1.6.1 R2 overview.php SQL injection Vulnerability Exploit +Autor : Easy Laster +Date : 22.10.2010 +Script : PHPKit 1.6.1 R2 +Price : free +Language : PHP...
PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit
No description provided by source. ?php ---PHPKIT161r2inclxpl.php 4.27 16/02/2006 PHPKIT <= 1.6.1R2 remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: All men ca...
PHPKit 1.6.1 Popup.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20911/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromi...