Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pagekit pagekit vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-5594
An issue exists in Pagekit CMS prior to 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
Pagekit Pagekit
1 EDB exploit
3.5
CVSSv2
CVE-2018-11564
Stored XSS in YOOtheme Pagekit 1.0.13 and previous versions allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stri...
Pagekit Pagekit
1 EDB exploit
1 Github repository
5.8
CVSSv2
CVE-2018-14381
Pagekit prior to 1.0.14 has a /user/login?redirect= open redirect vulnerability.
Pagekit Pagekit
10
CVSSv2
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
Pagekit Pagekit
NA
CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 alows a remote malicious user to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
Pagekit Pagekit 1.0.18
NA
CVE-2022-38916
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an malicious user to upload malicious files
Pagekit Pagekit 1.0.18
5
CVSSv2
CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for malicious users to enumerate accounts.
Pagekit Pagekit 1.0.17
NA
CVE-2022-36573
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.
Pagekit Pagekit 1.0.18
3.5
CVSSv2
CVE-2021-32245
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/sto...
Pagekit Pagekit 1.0.18
6.8
CVSSv2
CVE-2019-19013
A CSRF vulnerability in Pagekit 1.0.17 allows an malicious user to upload an arbitrary file by removing the CSRF token from a request.
Pagekit Pagekit 1.0.17
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »