phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
CVSS Score
7.5
EPSS Score
0.074
Published
2024-09-10
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-07-01
phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-14
SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-06-20
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-07
A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-05-25
PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.
CVSS Score
9.8
EPSS Score
0.021
Published
2023-05-11
File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-05-11
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-18
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-12
Page 1