Vulnerabilities > Phpok
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2020-18440 | Classic Buffer Overflow vulnerability in PHPok 5.1 Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | 9.8 |
| 2021-05-10 | CVE-2020-19199 | Cross-Site Request Forgery (CSRF) vulnerability in PHPok 5.2.060 A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | 8.8 |
| 2021-02-08 | CVE-2020-16629 | SQL Injection vulnerability in PHPok 5.4.137 PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | 9.8 |
| 2019-09-09 | CVE-2019-16132 | Path Traversal vulnerability in PHPok Oklite 1.2.25 An issue was discovered in OKLite v1.2.25. | 6.5 |
| 2019-09-09 | CVE-2019-16131 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok Oklite 1.2.25 framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | 8.8 |
| 2018-12-10 | CVE-2018-20006 | Cross-site Scripting vulnerability in PHPok 5.0.055 An issue was discovered in PHPok v5.0.055. | 6.1 |
| 2018-11-26 | CVE-2018-19562 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.015 An issue was discovered in PHPok 4.9.015. | 8.8 |
| 2018-08-30 | CVE-2018-16142 | Cross-site Scripting vulnerability in PHPok 4.8.278 PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | 6.1 |
| 2018-06-15 | CVE-2018-12492 | Improper Input Validation vulnerability in PHPok 4.9.032 PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | 7.5 |
| 2018-06-15 | CVE-2018-12491 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.032 PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | 9.8 |