Vulnerabilities > Phpok > Phpok
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-10 | CVE-2020-19199 | Cross-Site Request Forgery (CSRF) vulnerability in PHPok 5.2.060 A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | 6.8 |
| 2021-02-08 | CVE-2020-16629 | SQL Injection vulnerability in PHPok 5.4.137 PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | 7.5 |
| 2018-12-10 | CVE-2018-20006 | Cross-site Scripting vulnerability in PHPok 5.0.055 An issue was discovered in PHPok v5.0.055. | 4.3 |
| 2018-11-26 | CVE-2018-19562 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.015 An issue was discovered in PHPok 4.9.015. | 6.8 |
| 2018-08-30 | CVE-2018-16142 | Cross-site Scripting vulnerability in PHPok 4.8.278 PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | 4.3 |
| 2018-06-15 | CVE-2018-12492 | Improper Input Validation vulnerability in PHPok 4.9.032 PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | 6.4 |
| 2018-06-15 | CVE-2018-12491 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.032 PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | 7.5 |
| 2018-03-22 | CVE-2018-8944 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.8.338 PHPOK 4.8.338 has an arbitrary file upload vulnerability. | 7.5 |