Vulnerabilities > Phpok

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-07-01 | CVE-2024-38953 | Cross-site Scripting vulnerability in PHPok 6.4.003 | phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | network | low complexity | phpok | CWE-79 | 6.1 |
| 2023-06-20 | CVE-2020-21486 | SQL Injection vulnerability in PHPok 5.4 | SQL injection vulnerability in PHPOK v.5.4. | network | low complexity | phpok | CWE-89 | 7.5 |
| 2023-06-07 | CVE-2023-33601 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | network | low complexity | phpok | CWE-434 | 8.8 |
| 2023-05-25 | CVE-2023-2888 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100 | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. | network | low complexity | phpok | CWE-434 | 8.8 |
| 2023-05-11 | CVE-2022-47129 | Unspecified vulnerability in PHPok 6.3 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | network | low complexity | phpok | | critical, 9.8 |
| 2023-05-11 | CVE-2021-34076 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 5.7.140 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | network | low complexity | phpok | CWE-434 | 8.8 |
| 2022-10-18 | CVE-2022-40889 | Deserialization of Untrusted Data vulnerability in PHPok 6.1 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | network | low complexity | phpok | CWE-502 | critical, 9.8 |
| 2022-05-12 | CVE-2022-29363 | Deserialization of Untrusted Data vulnerability in PHPok 6.1 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. | network | low complexity | phpok | CWE-502 | critical, 9.8 |
| 2021-11-02 | CVE-2020-18438 | Path Traversal vulnerability in PHPok 5.1 | Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | network | low complexity | phpok | CWE-22 | 7.5 |
| 2021-11-02 | CVE-2020-18439 | Unspecified vulnerability in PHPok 5.1 | An issue was discovered in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | network | low complexity | phpok | | critical, 9.1 |