CVE-2018-19562

2018-11-2607:00:00

mitre

www.cve.org

phpok 4.9.015

remote code execution

zip archive

AI Score

8.9

Confidence

High

EPSS

0.005

Percentile

77.7%

JSON

An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a “Login Background > Program Upgrade > Compressed Packet Upgrade” action in which a .php file is inside a ZIP archive.

References

www.iwantacve.cn/index.php/archives/87/