Vulnerability Description
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.
CVSS Score
4.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpkit | Phpkit | 1.6.1 |
References
FAQ
What is CVE-2005-2699?
CVE-2005-2699 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ direc...
How severe is CVE-2005-2699?
CVE-2005-2699 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2699?
Check the references section above for vendor advisories and patch information. Affected products include: Phpkit Phpkit 1.6.1.