An issue in Pagekit pagekit v.1.0.18 alows a remote malicious user to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
pagekit pagekit 1.0.18