A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was...
8.8CVSS
8.7AI Score
0.001EPSS
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php...
7.5CVSS
7.5AI Score
0.001EPSS
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP...
8.8CVSS
8.8AI Score
0.001EPSS
File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file...
8.8CVSS
8.9AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.009EPSS
9.8CVSS
9.4AI Score
0.002EPSS
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to...
9.8CVSS
9.5AI Score
0.003EPSS
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP...
8.8CVSS
8.9AI Score
0.004EPSS
9.8CVSS
9.5AI Score
0.002EPSS
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary...
9.8CVSS
9.4AI Score
0.002EPSS
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary...
9.8CVSS
9.7AI Score
0.003EPSS
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to...
7.5CVSS
7.4AI Score
0.004EPSS
An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a...
9.1CVSS
9.1AI Score
0.003EPSS
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary...
8.8CVSS
8.9AI Score
0.001EPSS
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target...
9.8CVSS
9.7AI Score
0.002EPSS
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted...
6.5CVSS
6.4AI Score
0.001EPSS
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to...
8.8CVSS
8.4AI Score
0.001EPSS
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book...
6.1CVSS
5.8AI Score
0.001EPSS
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f...
6.1CVSS
5.9AI Score
0.001EPSS