VYPR

Pagekit

by Pagekit

Source repositories

CVEs (9)

  • CVE-2017-5594HigJan 25, 2017
    risk 0.45cvss 7.5epss 0.07

    An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

  • CVE-2026-6983MedApr 25, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is…

  • CVE-2026-6652MedApr 20, 2026
    risk 0.31cvss 4.7epss 0.00

    A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically…

  • CVE-2025-67164Dec 17, 2025
    risk 0.00cvss epss 0.00

    An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2025-67165Dec 17, 2025
    risk 0.00cvss epss 0.00

    An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.

  • CVE-2024-45967Oct 1, 2024
    risk 0.00cvss epss 0.00

    Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.

  • CVE-2023-41005Aug 28, 2023
    risk 0.00cvss epss 0.01

    An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php

  • CVE-2022-38916Sep 20, 2022
    risk 0.00cvss epss 0.16

    A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files

  • CVE-2021-44135Apr 1, 2022
    risk 0.00cvss epss 0.02

    pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.