38 matches found
PHPOK 安全漏洞
PHPOK is an enterprise website builder with extended support. A security vulnerability exists in PHPOK v6.3 that stems from the presence of a Remote Code Execution RCE vulnerability...
PT-2022-25610 · Phpok · Phpok
Name of the Vulnerable Software and Affected Versions: Phpok version 6.1 Description: The issue is related to a deserialization vulnerability. It affects the framework/phpok call.php file. Recommendations: For Phpok version 6.1, consider restricting access to the framework/phpok call.php file unt...
phpok buffer overflow vulnerability
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A buffer overflow vulnerability exists in framework/init.php in phpok version 5.1. An attacker can exploit this vulnerability to execute arbitrary code...
phpok directory traversal vulnerability
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A directory traversal vulnerability exists in phpok version 5.1. The vulnerability can be exploited to disclose sensitive information via the title parameter of admin.php...
phpok Arbitrary File Write Vulnerability
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. An arbitrary file write vulnerability exists in the editsavef function in framework/admin/tplcontrol.php in phpok version 5.1. An attacker can exploit this vulnerability to wri...
qinggan phpok 路径遍历漏洞
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A directory traversal vulnerability exists in phpok version 5.1. The vulnerability can be exploited to disclose sensitive information via the title parameter of admin.php...
PHPOK Cross-Site Request Forgery Vulnerability
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A cross-site request forgery vulnerability exists in PHPOK version 5.2.060. An attacker can exploit this vulnerability by executing arbitrary code via admin.php?c=admin&f=save...
PHPOK 跨站请求伪造漏洞
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A cross-site request forgery vulnerability exists in PHPOK version 5.2.060. An attacker can exploit this vulnerability by executing arbitrary code via admin.php?c=admin&f=save...
PHPOK SQL注入漏洞
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. PhpOK 5.4.137 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability by injecting attachment data via SQL and then calling the attachment...
File Upload Vulnerability in PHPOK of Shenzhen Kunshuo Technology Co., Ltd (CNVD-2020-33151)
PHPOK is a set of PHP language and MySQL database written using the enterprise website construction system. Ltd. PHPOK has a file upload vulnerability that can be exploited by attackers to gain control of the web server...
File Upload Vulnerability in Phpok of Shenzhen Kunshuo Technology Co.
PHPOK system hereinafter referred to as OK system is a content management system for website construction developed by Shenzhen Kunshuo Technology Co., Ltd formerly known as PHPOK Studio, written in PHP, using MySQL database storage by default, and based on the LGPL open-source agreement licensed...
Unauthorized Access Vulnerability in PHPOK v5.4.081
PHPOK system is a content management system for website construction developed by Shenzhen KunHuo Technology Co., Ltd formerly known as PHPOK Studio, written in PHP, using MySQL database storage by default, based on the LGPL open source license released to the Internet for shared use. An...
PHPOK d***.in***.php file has an arbitrary file read vulnerability
PHPOK is a set of enterprise station CMS system developed in PHP + MYSQL language. An arbitrary file read vulnerability exists in the PHPOK d.in.php file. An attacker can construct arbitrary file paths to obtain sensitive information by using a reverse-encoding method...
Stored cross-site scripting vulnerability in PHPOK up***_co***.php file
PHPOK is a set of enterprise station CMS system developed in PHP + MYSQL language. A stored cross-site scripting vulnerability exists in the PHPOK upco.php file. An attacker can insert malicious js code into the page to obtain user cookies and other information, leading to user hijacking...
PHPOK 5.0.055 suffers from a SQL Injection Vulnerability
PHPOK system is a content management system for website construction developed by Shenzhen 锟铻科技有限公司formerly known as PHPOK Studio. A SQL injection vulnerability exists in PHPOK 5.0.055. The vulnerability is caused by poor filtering of user-submitted parameters. An attacker can exploit this...
CVE-2018-19562
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background Program Upgrade Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive...
CVE-2018-8944
PHPOK 4.8.338 has an arbitrary file upload vulnerability...
phpok csrf添加管理员+后台getshell
简要描述: 版本:4.2.100 看到厂商以前忽略过一个csrf。 CSRF风险在于那些通过基于受信任的输入form和对特定行为无需授权的已认证的用户来执行某些行为的web应用。已经通过被保存在用户浏览器中的cookie进行认证的用户将在完全无知的情况下发送HTTP请求到那个信任他的站点,进而进行用户不愿做的行为。 详细说明: 老问题,一直没修复。 poc: None 然后在编辑文件写入一句话木马就OK了。 文件目录 /tpl/www/ 漏洞证明:...