Vulnerabilities > Phpok > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-11 | CVE-2022-47129 | Unspecified vulnerability in PHPok 6.3 PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | 9.8 |
| 2022-10-18 | CVE-2022-40889 | Deserialization of Untrusted Data vulnerability in PHPok 6.1 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | 9.8 |
| 2022-05-12 | CVE-2022-29363 | Deserialization of Untrusted Data vulnerability in PHPok 6.1 Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. | 9.8 |
| 2021-11-02 | CVE-2020-18439 | Unspecified vulnerability in PHPok 5.1 An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | 9.1 |
| 2021-11-02 | CVE-2020-18440 | Classic Buffer Overflow vulnerability in PHPok 5.1 Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | 9.8 |
| 2021-02-08 | CVE-2020-16629 | SQL Injection vulnerability in PHPok 5.4.137 PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | 9.8 |
| 2018-06-15 | CVE-2018-12491 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.032 PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | 9.8 |
| 2018-03-22 | CVE-2018-8944 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.8.338 PHPOK 4.8.338 has an arbitrary file upload vulnerability. | 9.8 |