Vulnerability Details CVE-2008-7193

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.2%
CVSS Severity
CVSS v2 Score 6.8
Products affected by CVE-2008-7193
  • Phpkit » Phpkit » Version: 1.6.4pl1
    cpe:2.3:a:phpkit:phpkit:1.6.4pl1

