phpok 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk csrf and バッファオーバーフロー などに関し、一部は アプリケーションクラッシュ を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-44867 | phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. | [email protected] | 7.5 | 19.27% | 2024-09-10 | 2025-07-10 |
| CVE-2024-38953 | phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. | [email protected] | 6.1 | 0.20% | 2024-07-01 | 2025-03-20 |
| CVE-2023-29881 | phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. | [email protected] | 6.5 | 0.12% | 2024-05-14 | 2025-06-13 |
| CVE-2020-21486 | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | [email protected] | 7.5 | 0.05% | 2023-06-20 | 2024-12-09 |
| CVE-2023-33601 | An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | [email protected] | 8.8 | 0.17% | 2023-06-07 | 2025-01-07 |
| CVE-2023-2888 | A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | [email protected] | 4.7 | 0.52% | 2023-05-25 | 2024-11-21 |
| CVE-2022-47129 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | [email protected] | 9.8 | 2.67% | 2023-05-11 | 2025-01-27 |
| CVE-2021-34076 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | [email protected] | 8.8 | 0.56% | 2023-05-11 | 2025-01-27 |
| CVE-2022-40889 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | [email protected] | 9.8 | 0.35% | 2022-10-18 | 2025-05-13 |
| CVE-2022-29363 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files. | [email protected] | 9.8 | 0.19% | 2022-05-12 | 2024-11-21 |
| CVE-2020-18440 | Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. | [email protected] | 9.8 | 0.99% | 2021-11-02 | 2024-11-21 |
| CVE-2020-18439 | An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. | [email protected] | 9.1 | 0.26% | 2021-11-02 | 2024-11-21 |
| CVE-2020-18438 | Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | [email protected] | 7.5 | 0.43% | 2021-11-02 | 2024-11-21 |
| CVE-2020-19199 | A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code. | [email protected] | 8.8 | 0.12% | 2021-05-10 | 2024-11-21 |
| CVE-2020-16629 | PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path. | [email protected] | 9.8 | 0.26% | 2021-02-08 | 2024-11-21 |
| CVE-2019-16132 | An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | [email protected] | 6.5 | 6.78% | 2019-09-09 | 2024-11-21 |
| CVE-2019-16131 | framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/. | [email protected] | 8.8 | 16.45% | 2019-09-09 | 2024-11-21 |
| CVE-2018-20006 | An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | [email protected] | 6.1 | 0.22% | 2018-12-10 | 2024-11-21 |
| CVE-2018-19562 | An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | [email protected] | 8.8 | 1.25% | 2018-11-26 | 2024-11-21 |
| CVE-2018-16142 | PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | [email protected] | 6.1 | 0.24% | 2018-08-30 | 2024-11-21 |