Passer6Y

Name of the Vulnerable Software and Affected Versions: qinggan phpok version 5.1 Description: The issue allows attackers to disclose sensitive information through a directory traversal vulnerability. This is achieved by exploiting the `title` parameter in the "admin.php" endpoint. Recommendations: For qinggan phpok version 5.1, consider restricting access to the "admin.php" endpoint until a patch is available. As a temporary workaround, avoid using the `title` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: qinggan phpok version 5.1 Description: An issue was discovered in the `edit save f` function in `framework/admin/tpl control.php`, allowing attackers to write arbitrary files or get a shell. Recommendations: For qinggan phpok version 5.1, consider disabling the `edit save f` function in `framework/admin/tpl control.php` until a patch is available to prevent attackers from writing arbitrary files or getting a shell.

Name of the Vulnerable Software and Affected Versions: qinggan phpok version 5.1 Description: A buffer overflow issue in the framework/init.php file allows attackers to execute arbitrary code. Recommendations: For qinggan phpok version 5.1, update to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.