Deserialization of untrusted data

2022-05-1218:16:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.

CPENameOperatorVersion
phpokeq6.1

CPE	Name	Operator	Version
	phpok	eq	6.1

References

github.com/qinggan/phpok/issues/12