Filtered by vendor Phpok
Subscribe
Total
15 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40889 | 1 Phpok | 1 Phpok | 2022-10-18 | N/A | 9.8 CRITICAL |
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | |||||
CVE-2022-29363 | 1 Phpok | 1 Phpok | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. | |||||
CVE-2020-18440 | 1 Phpok | 1 Phpok | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | |||||
CVE-2020-18439 | 1 Phpok | 1 Phpok | 2021-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | |||||
CVE-2020-18438 | 1 Phpok | 1 Phpok | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | |||||
CVE-2020-19199 | 1 Phpok | 1 Phpok | 2021-05-18 | 6.8 MEDIUM | 8.8 HIGH |
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2020-16629 | 1 Phpok | 1 Phpok | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | |||||
CVE-2019-16131 | 1 Phpok | 1 Oklite | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | |||||
CVE-2019-16132 | 1 Phpok | 1 Oklite | 2019-09-10 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | |||||
CVE-2018-20006 | 1 Phpok | 1 Phpok | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | |||||
CVE-2018-19562 | 1 Phpok | 1 Phpok | 2018-12-19 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | |||||
CVE-2018-16142 | 1 Phpok | 1 Phpok | 2018-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | |||||
CVE-2018-12491 | 1 Phpok | 1 Phpok | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | |||||
CVE-2018-12492 | 1 Phpok | 1 Phpok | 2018-07-27 | 6.4 MEDIUM | 7.5 HIGH |
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | |||||
CVE-2018-8944 | 1 Phpok | 1 Phpok | 2018-04-20 | 7.5 HIGH | 9.8 CRITICAL |
PHPOK 4.8.338 has an arbitrary file upload vulnerability. |