CVE-2022-40889: Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.

A remote attacker can take advantage of this vulnerability to execute arbitrary code. Note that the current version of Phpok 6.1 is the latest version, but the previous version is not yet patched.

CVE-2019-5281: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5282: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5283: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5284: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5285: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5286: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5287: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5288: Remote code execution vulnerability in framework/admin/class.html.

CVE-2019-5289: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

Multiple Vulnerabilities in Phpok 6.0-6.1

PHPok is a well-known open source framework for developing web applications. Its latest version (6.1) has multiple remote code execution vulnerabilities that were discovered by a team of security researchers from the Cybersecurity Institute at Fortinet's Advanced Threat Research team in 2019.

CVE-2022-40889: Remote attacker can take advantage of this vulnerability to execute arbitrary code. Note that the current version of PHPok 6.1 is the latest version, but the previous version is not yet patched.

CVE-2019-5281: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5282: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5283: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5284: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5285: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/class.html.php.

CVE-2019-5286: Remote code execution vulnerability in framework/admin/class.html.php via framework/admin/

Timeline

Published on: 10/18/2022 11:15:00 UTC
Last modified on: 10/19/2022 03:48:00 UTC
