Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Phpok
(Phpok)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-25 | CVE-2023-2888 | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | Phpok | 8.8 | ||
| 2023-06-20 | CVE-2020-21486 | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | Phpok | 7.5 | ||
| 2023-06-07 | CVE-2023-33601 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | Phpok | 8.8 | ||
| 2023-05-11 | CVE-2021-34076 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | Phpok | 8.8 | ||
| 2023-05-11 | CVE-2022-47129 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | Phpok | 9.8 | ||
| 2022-10-18 | CVE-2022-40889 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | Phpok | 9.8 | ||
| 2022-05-12 | CVE-2022-29363 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. | Phpok | 9.8 | ||
| 2021-11-02 | CVE-2020-18438 | Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | Phpok | 7.5 | ||
| 2021-11-02 | CVE-2020-18439 | An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | Phpok | 9.1 | ||
| 2021-11-02 | CVE-2020-18440 | Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | Phpok | 9.8 |