VYPR
Vendor

Phpok

Products
1
CVEs
18
Across products
18
Status
Private

Products

1

Recent CVEs

18
  • CVE-2022-47129CriMay 11, 2023
    risk 0.64cvss 9.8epss 0.01

    PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.

  • CVE-2022-40889CriOct 18, 2022
    risk 0.64cvss 9.8epss 0.01

    Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.

  • CVE-2022-29363CriMay 12, 2022
    risk 0.64cvss 9.8epss 0.01

    Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.

  • CVE-2020-16629CriFeb 8, 2021
    risk 0.64cvss 9.8epss 0.01

    PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.

  • CVE-2018-12491CriJun 15, 2018
    risk 0.64cvss 9.8epss 0.02

    PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.

  • CVE-2018-8944CriMar 22, 2018
    risk 0.64cvss 9.8epss 0.01

    PHPOK 4.8.338 has an arbitrary file upload vulnerability.

  • CVE-2023-33601HigJun 7, 2023
    risk 0.57cvss 8.8epss 0.01

    An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2021-34076HigMay 11, 2023
    risk 0.57cvss 8.8epss 0.01

    File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.

  • CVE-2020-19199HigMay 10, 2021
    risk 0.57cvss 8.8epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.

  • CVE-2018-19562HigNov 26, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.

  • CVE-2024-44867HigSep 10, 2024
    risk 0.49cvss 7.5epss 0.01

    phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.

  • CVE-2020-21486HigJun 20, 2023
    risk 0.49cvss 7.5epss 0.01

    SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.

  • CVE-2018-12492HigJun 15, 2018
    risk 0.49cvss 7.5epss 0.01

    PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.

  • CVE-2023-29881MedMay 14, 2024
    risk 0.42cvss 6.5epss 0.00

    phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.

  • CVE-2024-38953MedJul 1, 2024
    risk 0.40cvss 6.1epss 0.00

    phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file.

  • CVE-2018-20006MedDec 10, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).

  • CVE-2018-16142MedAug 30, 2018
    risk 0.40cvss 6.1epss 0.01

    PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.

  • CVE-2023-2888MedMay 25, 2023
    risk 0.31cvss 4.7epss 0.01

    A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The…