Phpok
Products
1- 13 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-44867 | 0.02 | — | 0.19 | Sep 10, 2024 | phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. | |||
| CVE-2024-38953 | 0.00 | — | 0.00 | Jul 1, 2024 | phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | |||
| CVE-2023-29881 | 0.00 | — | 0.00 | May 9, 2024 | phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. | |||
| CVE-2020-21486 | 0.00 | — | 0.00 | Jun 20, 2023 | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | |||
| CVE-2023-33601 | 0.00 | — | 0.00 | Jun 7, 2023 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | |||
| CVE-2023-2888 | 0.00 | — | 0.00 | May 25, 2023 | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | |||
| CVE-2021-34076 | 0.00 | — | 0.01 | May 11, 2023 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | |||
| CVE-2022-40889 | 0.00 | — | 0.00 | Oct 18, 2022 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | |||
| CVE-2022-29363 | 0.00 | — | 0.00 | May 12, 2022 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. | |||
| CVE-2018-16142 | 0.00 | — | 0.00 | Aug 30, 2018 | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | |||
| CVE-2018-12491 | 0.00 | — | 0.00 | Jun 15, 2018 | PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | |||
| CVE-2018-12492 | 0.00 | — | 0.00 | Jun 15, 2018 | PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | |||
| CVE-2018-8944 | 0.00 | — | 0.00 | Mar 22, 2018 | PHPOK 4.8.338 has an arbitrary file upload vulnerability. |
- CVE-2024-44867Sep 10, 2024risk 0.02cvss —epss 0.19
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
- CVE-2024-38953Jul 1, 2024risk 0.00cvss —epss 0.00
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file.
- CVE-2023-29881May 9, 2024risk 0.00cvss —epss 0.00
phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.
- CVE-2020-21486Jun 20, 2023risk 0.00cvss —epss 0.00
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
- CVE-2023-33601Jun 7, 2023risk 0.00cvss —epss 0.00
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.
- CVE-2023-2888May 25, 2023risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.
- CVE-2021-34076May 11, 2023risk 0.00cvss —epss 0.01
File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.
- CVE-2022-40889Oct 18, 2022risk 0.00cvss —epss 0.00
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
- CVE-2022-29363May 12, 2022risk 0.00cvss —epss 0.00
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.
- CVE-2018-16142Aug 30, 2018risk 0.00cvss —epss 0.00
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.
- CVE-2018-12491Jun 15, 2018risk 0.00cvss —epss 0.00
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.
- CVE-2018-12492Jun 15, 2018risk 0.00cvss —epss 0.00
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
- CVE-2018-8944Mar 22, 2018risk 0.00cvss —epss 0.00
PHPOK 4.8.338 has an arbitrary file upload vulnerability.