An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.
Max CVSS: 8.8; EPSS Score: 0.06%; Published: 2023-06-07; Updated: 2023-06-13
A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.
Max CVSS: 8.8; EPSS Score: 0.07%; Published: 2023-05-25; Updated: 2024-04-11
PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.
Max CVSS: 9.8; EPSS Score: 0.38%; Published: 2023-05-11; Updated: 2023-05-17
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
Max CVSS: 9.8; EPSS Score: 0.14%; Published: 2022-10-18; Updated: 2022-10-19
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to get a shell by writing arbitrary files.
Max CVSS: 9.8; EPSS Score: 0.16%; Published: 2022-05-12; Updated: 2022-05-23
File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.
Max CVSS: 8.8; EPSS Score: 0.13%; Published: 2023-05-11; Updated: 2023-05-19
SQL injection vulnerability in PHPOK v5.4 allows a remote attacker to obtain sensitive information via the _userlist function in the framework/phpok_call.php file.
Max CVSS: 7.5; EPSS Score: 0.06%; Published: 2023-06-20; Updated: 2023-06-27
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
Max CVSS: 8.8; EPSS Score: 0.11%; Published: 2021-05-10; Updated: 2021-05-18
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1 allows attackers to execute arbitrary code.
Max CVSS: 9.8; EPSS Score: 0.23%; Published: 2021-11-02; Updated: 2021-11-03
An issue was discovered in the function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1 that allows attackers to write arbitrary files or get a shell.
Max CVSS: 9.1; EPSS Score: 0.21%; Published: 2021-11-02; Updated: 2021-11-03
Directory traversal vulnerability in qinggan phpok 5.1 allows attackers to disclose sensitive information via the title parameter to admin.php.
Max CVSS: 7.5; EPSS Score: 0.24%; Published: 2021-11-02; Updated: 2021-11-03
PhpOK 5.4.137 contains a SQL injection vulnerability that can be used to inject attachment data through SQL and then call the attachment replacement function through api.php to write a PHP file to the target path.
Max CVSS: 9.8; EPSS Score: 0.20%; Published: 2021-02-08; Updated: 2021-02-10
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
Max CVSS: 6.5; EPSS Score: 0.11%; Published: 2019-09-09; Updated: 2019-09-10
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
Max CVSS: 8.8; EPSS Score: 0.11%; Published: 2019-09-09; Updated: 2019-09-10
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
Max CVSS: 6.1; EPSS Score: 0.09%; Published: 2018-12-10; Updated: 2019-01-03
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
Max CVSS: 8.8; EPSS Score: 0.39%; Published: 2018-11-26; Updated: 2018-12-19
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.
Max CVSS: 6.1; EPSS Score: 0.09%; Published: 2018-08-30; Updated: 2018-10-29
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
Max CVSS: 7.5; EPSS Score: 0.08%; Published: 2018-06-15; Updated: 2018-07-27
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.
Max CVSS: 9.8; EPSS Score: 0.25%; Published: 2018-06-15; Updated: 2018-07-27
PHPOK 4.8.338 has an arbitrary file upload vulnerability.
Max CVSS: 9.8; EPSS Score: 0.19%; Published: 2018-03-22; Updated: 2018-04-20
20 vulnerabilities found