VYPR
Vendor

Qinggan

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2022-40889CriOct 18, 2022
    risk 0.64cvss 9.8epss 0.01

    Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.

  • CVE-2022-29363CriMay 12, 2022
    risk 0.64cvss 9.8epss 0.01

    Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.

  • CVE-2020-18440CriNov 2, 2021
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.

  • CVE-2020-18439CriNov 2, 2021
    risk 0.59cvss 9.1epss 0.01

    An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.

  • CVE-2020-19199HigMay 10, 2021
    risk 0.57cvss 8.8epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.

  • CVE-2018-19562HigNov 26, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.

  • CVE-2020-18438HigNov 2, 2021
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.