[原文]Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
PHPKIT include.php path Parameter Local File Inclusion
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
PHPKIT contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to its subsystem not properly sanitizing user input supplied to the "path" variable. This may allow a remote attacker to send a specially-crafted URL to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.