Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phpok Subscribe
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40889 1 Phpok 1 Phpok 2022-10-18 N/A 9.8 CRITICAL
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-29363 1 Phpok 1 Phpok 2022-05-23 7.5 HIGH 9.8 CRITICAL
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.
CVE-2020-18440 1 Phpok 1 Phpok 2021-11-03 7.5 HIGH 9.8 CRITICAL
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
CVE-2020-18439 1 Phpok 1 Phpok 2021-11-03 6.4 MEDIUM 9.1 CRITICAL
An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.
CVE-2020-18438 1 Phpok 1 Phpok 2021-11-03 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.
CVE-2020-19199 1 Phpok 1 Phpok 2021-05-18 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVE-2020-16629 1 Phpok 1 Phpok 2021-02-10 7.5 HIGH 9.8 CRITICAL
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
CVE-2019-16131 1 Phpok 1 Oklite 2019-09-10 6.5 MEDIUM 8.8 HIGH
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
CVE-2019-16132 1 Phpok 1 Oklite 2019-09-10 5.5 MEDIUM 6.5 MEDIUM
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
CVE-2018-20006 1 Phpok 1 Phpok 2019-01-03 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
CVE-2018-19562 1 Phpok 1 Phpok 2018-12-19 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
CVE-2018-16142 1 Phpok 1 Phpok 2018-10-29 4.3 MEDIUM 6.1 MEDIUM
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.
CVE-2018-12491 1 Phpok 1 Phpok 2018-07-27 7.5 HIGH 9.8 CRITICAL
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.
CVE-2018-12492 1 Phpok 1 Phpok 2018-07-27 6.4 MEDIUM 7.5 HIGH
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
CVE-2018-8944 1 Phpok 1 Phpok 2018-04-20 7.5 HIGH 9.8 CRITICAL
PHPOK 4.8.338 has an arbitrary file upload vulnerability.