Phpok

phpok

23 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (23)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-44867 1Phpok 1Phpok Jul 10, 2025 Sep 10, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
CVE-2024-38953 1Phpok 1Phpok Mar 20, 2025 Jul 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file.
CVE-2023-29881 1Phpok 1Phpok Jun 13, 2025 May 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.
CVE-2020-21486 1Phpok 1Phpok Dec 9, 2024 Jun 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.
CVE-2023-33601 1Phpok 1Phpok Jan 7, 2025 Jun 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-2888 1Phpok 1Phpok Nov 21, 2024 May 25, 2023 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. I...Show more A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.Show less
CVE-2022-47129 1Phpok 1Phpok Jan 27, 2025 May 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.
CVE-2021-34076 1Phpok 1Phpok Jan 27, 2025 May 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.
CVE-2022-40889 1Phpok 1Phpok May 13, 2025 Oct 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-29363 1Phpok 1Phpok Nov 21, 2024 May 12, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.
CVE-2020-18440 1Phpok 1Phpok Nov 21, 2024 Nov 2, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
CVE-2020-18439 1Phpok 1Phpok Nov 21, 2024 Nov 2, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.
CVE-2020-18438 1Phpok 1Phpok Nov 21, 2024 Nov 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.
CVE-2020-19199 1Phpok 1Phpok Nov 21, 2024 May 10, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVE-2020-16629 1Phpok 1Phpok Nov 21, 2024 Feb 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.
CVE-2019-16132 1Phpok 1Oklite Jun 17, 2026 Sep 9, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
CVE-2019-16131 1Phpok 1Oklite Jun 17, 2026 Sep 9, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
CVE-2018-20006 1Phpok 1Phpok Nov 21, 2024 Dec 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
CVE-2018-19562 1Phpok 1Phpok Nov 21, 2024 Nov 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is...Show more An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.Show less
CVE-2018-16142 1Phpok 1Phpok Nov 21, 2024 Aug 30, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.

12 Next