Shodan
Vulnerabilities
Vulnerable Software
Phpok:  Security Vulnerabilities
CVE-2020-18438
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-02
CVE-2020-18439
An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-11-02
CVE-2020-18440
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-11-02
CVE-2020-19199
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-05-10
CVE-2020-16629
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-02-08
CVE-2019-16131
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
CVSS Score
8.8
EPSS Score
0.171
Published
2019-09-09
CVE-2019-16132
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
CVSS Score
6.5
EPSS Score
0.071
Published
2019-09-09
CVE-2018-20006
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-10
CVE-2018-19562
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
CVSS Score
8.8
EPSS Score
0.013
Published
2018-11-26
CVE-2018-16142
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved