CVE-2006-0785
Published: Feb 19, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- 1015640 (vdb-entry, x_refsource_SECTRACK)
- http://retrogod.altervista.org/phpkit_161r2_incl_xpl.html (x_refsource_MISC)
- 20060216 PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions) (mailing-list, x_refsource_BUGTRAQ)