Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPKIT 跨站请求伪造漏洞
Vulnerability Description
PHPKIT 1.6.4 PL1将会话ID包含于URL中,这使得远程攻击者可以通过从HTTP Referer中读取PHPKITSID参数并将其使用在一个请求中,来执行跨站请求伪造攻击。该请求用于(1)修改用户的profile(借助于upload_files/include.php)或(2)创建一个新管理员(借助于upload_files/pk/include.php)。
CVSS Information
N/A
Vulnerability Type
N/A