[原文]Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
PHPKIT contains a flaw that allows remote code execution. This flaw exists because the application does not validate variables upon submission to the scripts utilizing its template engine. This could allow a user to execute remote code, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.