CVE-2005-2699 - OpenCVE

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Phpkit	Phpkit

Configuration 1 [-]

cpe:2.3:a:phpkit:phpkit:1.6.1:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=112474427221031&w=2

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-25T04:00:00

Updated: 2016-10-17T13:57:01

Reserved: 2005-08-25T00:00:00

Link: CVE-2005-2699

JSON object: View

NVD Information

Status : Modified

Published: 2005-08-26T15:50:00.000

Modified: 2016-10-18T03:29:34.230

Link: CVE-2005-2699

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112474427221031&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2699", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112474427221031&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2699", "datePublished": "2005-08-25T04:00:00", "dateReserved": "2005-08-25T00:00:00", "dateUpdated": "2016-10-17T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}