Vulnerabilities > CVE-2022-29363 - Deserialization of Untrusted Data vulnerability in PHPok 6.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phpok
CWE-502

Summary

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.

Vulnerable Configurations

Part Description Count
Application
Phpok
1

Common Weakness Enumeration (CWE)