Phpok ≫ Phpok

phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file.

phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php.

SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file.

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the ...

PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.

File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files.