An issue exists in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote malicious users to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpok phpok 4.9.015 |