Unrated severityNVD Advisory· Published Feb 19, 2006· Updated Jun 16, 2026
CVE-2006-0785
CVE-2006-0785
Description
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.