Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3553
Last Modified 06 Sep 2011 12:00:00
Published 16 Nov 2005 02:42:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3553

Summary

Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).

Vulnerable Systems

Application

  • Phpkit 1.6.1


References

XF - phpkit-phpkitsid-sql-injection(23013)

XF - phpkit-userinfo-sql-injection(23010)

VUPEN - ADV-2005-2344

BID - 15354

OSVDB - 20561

OSVDB - 20560

MISC - http://www.hardened-php.net/advisory_212005.80.html

SECTRACK - 1015167

SECUNIA - 17479

BUGTRAQ - 20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT


Last Updated: 27 May 2016 10:40:58