Phpok
CVE-2018-8944
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
PHPOK 4.8.338 has an arbitrary file upload vulnerability.
AnalysisAI
PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Affected products include: Phpok.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Rated critical severity (CVSS 9.8), this vul
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. R
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php
An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary co
A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this v
An issue was discovered in PHPok 4.9.015. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. Rated hi
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_co
An issue was discovered in PHPok v5.0.055. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f f
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today