CVE-2018-12491

Name of the Vulnerable Software and Affected Versions PHPOK version 4.9.032

Description The issue is related to an arbitrary file upload vulnerability in the import f function located in framework/admin/modulec control.php. This can be exploited by uploading a .php file within a .php.zip archive.

Recommendations For PHPOK version 4.9.032, consider restricting access to the import f function in framework/admin/modulec control.php to minimize the risk of exploitation. Additionally, avoid uploading archives that may contain executable files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.