Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 2 | 22 | 0 | 62.9% | CRITICAL |

Related CVEs

22
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2024-44867 | phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. | HIGH | 7.5 | | 59.0% | Sep 10, 2024 |
| CVE-2023-29881 | phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. | MEDIUM | 6.5 | | 33.3% | May 14, 2024 |
| CVE-2020-21486 | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | HIGH | 7.5 | | 54.2% | Jun 20, 2023 |
| CVE-2023-33601 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | HIGH | 8.8 | | | Jun 7, 2023 |
| CVE-2023-2888 | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | HIGH | 8.8 | | 48.3% | May 25, 2023 |
| CVE-2022-47129 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | CRITICAL | 9.8 | | 64.1% | May 11, 2023 |
| CVE-2021-34076 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | HIGH | 8.8 | | 54.1% | May 11, 2023 |
| CVE-2022-40889 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | CRITICAL | 9.8 | | | Oct 18, 2022 |
| CVE-2022-29363 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. | CRITICAL | 9.8 | | | May 12, 2022 |
| CVE-2020-18440 | Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | CRITICAL | 9.8 | | 72.9% | Nov 2, 2021 |
| CVE-2020-18439 | An issue was discovered in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | CRITICAL | 9.1 | | 57.6% | Nov 2, 2021 |
| CVE-2020-18438 | Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | HIGH | 7.5 | | 72.9% | Nov 2, 2021 |
| CVE-2020-19199 | A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | HIGH | 8.8 | | 55.6% | May 10, 2021 |
| CVE-2020-16629 | PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | CRITICAL | 9.8 | | 69.9% | Feb 8, 2021 |
| CVE-2019-16132 | An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | MEDIUM | 6.5 | | 92.5% | Sep 9, 2019 |
| CVE-2019-16131 | framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | HIGH | 8.8 | | 92.9% | Sep 9, 2019 |
| CVE-2018-20006 | An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | NONE | | | 44.9% | Dec 10, 2018 |
| CVE-2018-19562 | An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | NONE | | | 80.4% | Nov 26, 2018 |
| CVE-2018-16142 | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | NONE | | | 48.2% | Aug 30, 2018 |
| CVE-2018-12492 | PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | NONE | | | 56.0% | Jun 15, 2018 |