CVE-2016-10758

EUVD-2016-1752
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
phpkitphpkit
1.6.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users/
https://demo.ripstech.com/projects/phpkit_1.6.6
https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users/
https://demo.ripstech.com/projects/phpkit_1.6.6