CVE-2006-7115 Information

Description

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php and other unspecified vectors involving guestbook/print.php.

Reference

http://secunia.com/advisories/17479 http://securityreason.com/securityalert/2357 http://www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_(faq-faq.php)_Remote_SQL_Injection_Exploit.htm http://www.osvdb.org/31265 http://www.securityfocus.com/archive/1/451304/100/0/threaded http://www.securityfocus.com/bid/21002 https://exchange.xforce.ibmcloud.com/vulnerabilities/30209