CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload=zip&noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was...

8.8CVSS6.8AI score0.00484EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:2 a.m.•6 views

CVE-2023-33601

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS7.8AI score0.0074EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:39 a.m.•6 views

CVE-2022-40889

Phpok 6.1 has a deserialization vulnerability via framework/phpokcall.php...

9.8CVSS7AI score0.00277EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:25 a.m.•5 views

CVE-2022-47129

PHPOK v6.3 was discovered to contain a remote code execution RCE vulnerability...

9.8CVSS8.3AI score0.02675EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:13 p.m.•6 views

CVE-2022-29363

Phpok v6.1 was discovered to contain a deserialization vulnerability via the updatef function in logincontrol.php. This vulnerability allows attackers to getshell via writing arbitrary files...

9.8CVSS7.5AI score0.00204EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:33 p.m.•5 views

CVE-2021-34076

File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload...

8.8CVSS7.7AI score0.00557EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:29 p.m.•5 views

CVE-2020-21486

SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the userlist function in framerwork/phpokcall.php file...

7.5CVSS7.4AI score0.00052EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:28 p.m.•5 views

CVE-2020-19199

A Cross Site Request Forgery CSRF vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin=save, which could let a remote malicious user execute arbitrary code...

8.8CVSS7.8AI score0.00119EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:8 p.m.•5 views

CVE-2020-18440

Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code...

9.8CVSS7.8AI score0.00993EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:16 p.m.•4 views

CVE-2020-18439

An issue was discoverered in in function editsavef in framework/admin/tplcontrol.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell...

9.1CVSS7AI score0.00257EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:15 p.m.•3 views

CVE-2020-16629

PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path...

9.8CVSS8AI score0.00264EPSS

Exploits1

RedhatCVE•added 2025/05/22 7:57 a.m.•11 views

CVE-2018-8944

PHPOK 4.8.338 has an arbitrary file upload vulnerability...

9.8CVSS7.1AI score0.00411EPSS

Exploits0References1

RedhatCVE•added 2025/02/14 10:21 a.m.•6 views

CVE-2023-29881

phpok 6.4.003 is vulnerable to SQL injection in the function indexf in phpok64/framework/api/callcontrol.php...

6.5CVSS7.8AI score0.0013EPSS

Exploits1References1