Lumension® Endpoint Intelligence Center



Vulnerability Score 6.8
CVE Id CVE-2008-7193
Last Modified 10 Sep 2009 12:00:00
Published 09 Sep 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.

Vulnerable Systems


  • Phpkit 1.6.4pl1


XF - phpkit-include-csrf(40033)

BUGTRAQ - 20080129 PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities

OSVDB - 50998

Last Updated: 27 May 2016 10:49:30