CVE-2005-3553 Information

Description

Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html http://secunia.com/advisories/17479 http://securitytracker.com/id?1015167 http://www.hardened-php.net/advisory_212005.80.html http://www.osvdb.org/20560 http://www.osvdb.org/20561 http://www.securityfocus.com/bid/15354 http://www.vupen.com/english/advisories/2005/2344 https://exchange.xforce.ibmcloud.com/vulnerabilities/23010 https://exchange.xforce.ibmcloud.com/vulnerabilities/23013