Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-7193
Last Modified 10 Sep 2009 12:00:00
Published 09 Sep 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7193

Summary

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.

Vulnerable Systems

Application

  • Phpkit 1.6.4pl1


References

XF - phpkit-include-csrf(40033)

BUGTRAQ - 20080129 PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities

OSVDB - 50998


Last Updated: 27 May 2016 10:49:30