Vulnerabilities > Phpok
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-01 | CVE-2024-38953 | Cross-site Scripting vulnerability in PHPok 6.4.003: phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | 6.1 |
2023-06-20 | CVE-2020-21486 | SQL Injection vulnerability in PHPok 5.4: SQL injection vulnerability in PHPOK v.5.4. | 7.5 |
2023-06-07 | CVE-2023-33601 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100: An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
2023-05-25 | CVE-2023-2888 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100: A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. | 8.8 |
2023-05-11 | CVE-2022-47129 | Unspecified vulnerability in PHPok 6.3: PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | 9.8 |
2023-05-11 | CVE-2021-34076 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 5.7.140: File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | 8.8 |
2022-10-18 | CVE-2022-40889 | Deserialization of Untrusted Data vulnerability in PHPok 6.1: Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | 9.8 |
2022-05-12 | CVE-2022-29363 | Deserialization of Untrusted Data vulnerability in PHPok 6.1: Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. | 9.8 |
2021-11-02 | CVE-2020-18438 | Path Traversal vulnerability in PHPok 5.1: Directory traversal vulnerability in qinggan phpok 5.1 allows attackers to disclose sensitive information via the title parameter to admin.php. | 7.5 |
2021-11-02 | CVE-2020-18439 | Unspecified vulnerability in PHPok 5.1: An issue was discovered in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1 that allows attackers to write arbitrary files or get a shell. | 9.1 |