PHPKit 1.6.6: Code Execution for Privileged Users

8 Dec 2016 by Martin Bednorz


Today’s gift in our advent calendar contains PHPKit, a German web content management system in development since early 2002. With ~42,000 lines of code it is a rather small application; the latest version is 1.6.6. This post describes two severe vulnerabilities in the administration section that require only minimal user permissions to exploit.

