Unrated severityNVD Advisory· Published Nov 16, 2005· Updated Apr 16, 2026

CVE-2005-3553

Description

Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).

Affected products

Phpkit/Phpkit
cpe:2.3:a:phpkit:phpkit:*:rc2:*:*:*:*:*:*
Range: <=1.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hardened-php.net/advisory_212005.80.htmlnvdExploitVendor Advisory
www.vupen.com/english/advisories/2005/2344nvdVendor Advisory
cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.htmlnvd
secunia.com/advisories/17479nvd
securitytracker.com/idnvd
www.osvdb.org/20560nvd
www.osvdb.org/20561nvd
www.securityfocus.com/bid/15354nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23010nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23013nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000