CVE-2023-29881

Name of the Vulnerable Software and Affected Versions phpok version 6.4.003

Description The issue concerns SQL injection in the index f() function located in phpok64/framework/api/call control.php. This allows for potential exploitation of the SQL injection vulnerability.

Recommendations For phpok version 6.4.003, consider disabling the index f() function as a temporary workaround until a patch is available. Restrict access to the call control.php module to minimize the risk of exploitation. Avoid using vulnerable parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.