Skip to main content

Phpok

12 CVEs product

Monthly

CVE-2024-44867 HIGH POC This Week

phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpok
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-38953 MEDIUM POC This Month

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpok
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33601 HIGH POC This Week

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Phpok
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2888 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-40889 CRITICAL POC Act Now

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29363 CRITICAL POC Act Now

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2018-20006 MEDIUM POC This Month

An issue was discovered in PHPok v5.0.055. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-19562 HIGH POC This Week

An issue was discovered in PHPok 4.9.015. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Phpok
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-16142 MEDIUM POC This Month

PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12492 HIGH POC This Week

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Phpok
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-12491 CRITICAL POC Act Now

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-8944 CRITICAL Act Now

PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Phpok
NVD
CVSS 3.0
9.8
EPSS
1.2%
EPSS 1% CVSS 7.5
HIGH POC This Week

phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpok
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpok
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Phpok
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in PHPok v5.0.055. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in PHPok 4.9.015. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpok
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Phpok
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Phpok
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy