VYPR
Unrated severityNVD Advisory· Published Sep 9, 2009· Updated Jun 16, 2026

CVE-2008-7193

CVE-2008-7193

Description

PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.

Affected products

2
  • Phpkit/Phpkit2 versions
    cpe:2.3:a:phpkit:phpkit:1.6.4pl1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:phpkit:phpkit:1.6.4pl1:*:*:*:*:*:*:*
    • (no CPE)range: = 1.6.4 PL1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.