257 matches found
PHPOK Enterprise Building System v5.2.116 SQL Injection Vulnerability in Frontend
PHPOK is an enterprise website CMS developed in PHP and MySQL. PHPOK Enterprise Station Building System v5.2.116 has a SQL injection vulnerability in the frontend. An attacker can exploit this vulnerability to obtain sensitive database information...
PHPOK Enterprise Building System v5.2.116 Arbitrary Code Execution Vulnerability
PHPOK is an enterprise website CMS developed in PHP and MySQL. PHPOK enterprise website building system v5.2.116 has an arbitrary code execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
File upload vulnerability in PHPOK ap***.php
PHPOK is an enterprise website CMS developed in PHP and MySQL. A file upload vulnerability exists in PHPOK ap***.php, which can be exploited by attackers to gain control of the web server...
Stored cross-site scripting vulnerability in PHPOK up***_co***.php file
PHPOK is an enterprise website CMS developed in PHP and MySQL. A stored cross-site scripting vulnerability exists in the PHPOK up***_co***.php file. An attacker can insert malicious JavaScript code into the page to obtain user cookies and other information, leading to user hijacking...
PHPOK d***.in***.php file has an arbitrary file read vulnerability
PHPOK is an enterprise website CMS developed in PHP and MySQL. An arbitrary file read vulnerability exists in the PHPOK d***.in***.php file. An attacker can construct arbitrary file paths to obtain sensitive information by using a reverse-encoding method...
Remote Code Execution Vulnerability in PHPOK 5.0.003
The PHPOK enterprise website system is a CMS developed in PHP and MySQL. PHPOK 5.0.003 has a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code...
Cross site scripting
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save reachable via the index.php?id=book URI...
CVE-2018-20006
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save reachable via the index.php?id=book URI...
CVE-2018-20006
CVE-2018-20006 affects PHPok v5.0.055. A Stored XSS flaw exists in the title parameter passed to api.php?c=post&f=save, reachable via index.php?id=book. The underlying issue is unencoded user input being stored and subsequently rendered, enabling script execution in a victim’s browser. Public ref...
PHPOK 5.0.055 suffers from a SQL Injection Vulnerability
The PHPOK system is a content management system for website construction developed by Shenzhen 锟铻科技有限公司 (formerly known as PHPOK Studio). A SQL injection vulnerability exists in PHPOK 5.0.055. The vulnerability is caused by poor filtering of user-submitted parameters. An attacker can exploit this...
CVE-2018-19562
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background Program Upgrade Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive...
Code injection
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background Program Upgrade Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive...
CVE-2018-19562
PHPok 4.9.015 is affected. The vulnerability exists in the admin path admin.php?c=update&f=unzip, where a ZIP delivered through the Login Background > Program Upgrade > Compressed Packet Upgrade can contain a .php file, enabling remote code execution. Publicly described by multiple sources ...
PHPok Arbitrary Code Execution Vulnerability
PHPOK is an enterprise building system that supports expansion. A security vulnerability exists in PHPOK version 4.9.015 on the 'Login Backend Program Upgrade Compressed Package Upgrade' page. A remote attacker can exploit this vulnerability to execute arbitrary code...
File upload vulnerability in PHPOK frontend us***.php file
PHPOK is an enterprise website CMS developed in PHP and MySQL. A file upload vulnerability exists in the us***.php file in the frontend of PHPOK. It allows attackers to upload a webshell and gain server privileges...
PHPOK version 4.9.015 suffers from an information leakage vulnerability
The PHPOK enterprise website system is a CMS developed in PHP and MySQL. PHPOK version 4.9.015 suffers from an information leakage vulnerability that originates from the program saving SESSION in the web directory and can be exploited by attackers to obtai...