📦 Phpok

PHPOK v6.3 contains a remote code execution vulnerability (CWE-94: Improper Control of Generation of Code) that allows attackers to execute arbitrary code on affected systems. This affects all install...

CVE-2022-29363 is a critical deserialization vulnerability in Phpok v6.1 that allows unauthenticated attackers to execute arbitrary code by writing malicious files to the server. This affects all syst...

This vulnerability in phpok 5.1 allows attackers to write arbitrary files to the server through the edit_save_f function in the admin panel. Successful exploitation could lead to remote code execution...

CVE-2020-16629 is a critical SQL injection vulnerability in PhpOK CMS that allows attackers to inject malicious SQL through attachment data, then use the attachment replacement function to write arbit...

CVE-2024-44867 is an arbitrary file read vulnerability in phpok v3.0 that allows attackers to read sensitive files on the server through the /autoload/file.php component. This affects all deployments ...

CVE-2020-21486 is an SQL injection vulnerability in PHPOK v.5.4 that allows remote attackers to extract sensitive information from the database. The vulnerability exists in the _userlist function with...

This vulnerability allows attackers to upload arbitrary PHP files through the admin upload functionality in phpok v6.4.100, leading to remote code execution. Any organization running the affected phpo...

This directory traversal vulnerability in phpok 5.1 allows attackers to access sensitive files outside the intended directory via the title parameter in admin.php. It affects all installations of phpo...

CVE-2023-29881 is an SQL injection vulnerability in phpok 6.4.003 that allows attackers to execute arbitrary SQL commands through the index_f() function. This affects all users running the vulnerable ...