Redeem_Hu

**Name of the Vulnerable Software and Affected Versions** phpok version 6.4.100 **Description** The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the "/admin.php?c=upload" API endpoint, specifically the `c` parameter set to `upload`. **Recommendations** For phpok version 6.4.100, update to a version that fixes this issue, as the current version allows for arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HkCms version 2.2.4.230206 **Description** A problematic issue was found in the External Plugin Handler component, affecting an unknown part of the file `/admin.php/appcenter/local.html?type=addon`. This issue leads to code injection and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For HkCms version 2.2.4.230206, as a temporary workaround, consider restricting access to the `/admin.php/appcenter/local.html?type=addon` endpoint until a patch is available. Additionally, restrict the use of the External Plugin Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.