Vulnerabilities > Phpok > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-38953 | Cross-site Scripting vulnerability in PHPok 6.4.003 phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | 6.1 |
| 2021-11-02 | CVE-2020-18438 | Path Traversal vulnerability in PHPok 5.1 Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | 5.0 |
| 2021-11-02 | CVE-2020-18439 | Unspecified vulnerability in PHPok 5.1 An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | 6.4 |
| 2021-05-10 | CVE-2020-19199 | Cross-Site Request Forgery (CSRF) vulnerability in PHPok 5.2.060 A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | 6.8 |
| 2019-09-09 | CVE-2019-16132 | Path Traversal vulnerability in PHPok Oklite 1.2.25 An issue was discovered in OKLite v1.2.25. | 5.5 |
| 2019-09-09 | CVE-2019-16131 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok Oklite 1.2.25 framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | 6.5 |
| 2018-12-10 | CVE-2018-20006 | Cross-site Scripting vulnerability in PHPok 5.0.055 An issue was discovered in PHPok v5.0.055. | 4.3 |
| 2018-11-26 | CVE-2018-19562 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 4.9.015 An issue was discovered in PHPok 4.9.015. | 6.8 |
| 2018-08-30 | CVE-2018-16142 | Cross-site Scripting vulnerability in PHPok 4.8.278 PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | 4.3 |
| 2018-06-15 | CVE-2018-12492 | Improper Input Validation vulnerability in PHPok 4.9.032 PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | 6.4 |