Pagekit
Products
1- 9 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5594 | Hig | 0.45 | 7.5 | 0.07 | Jan 25, 2017 | An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. | ||
| CVE-2026-6983 | Med | 0.31 | 4.7 | 0.00 | Apr 25, 2026 | A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is… | ||
| CVE-2026-6652 | Med | 0.31 | 4.7 | 0.00 | Apr 20, 2026 | A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically… | ||
| CVE-2025-67165 | 0.00 | — | 0.00 | Dec 17, 2025 | An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. | |||
| CVE-2025-67164 | 0.00 | — | 0.00 | Dec 17, 2025 | An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||
| CVE-2024-45967 | 0.00 | — | 0.00 | Oct 1, 2024 | Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. | |||
| CVE-2023-41005 | 0.00 | — | 0.01 | Aug 28, 2023 | An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php | |||
| CVE-2022-38916 | 0.00 | — | 0.16 | Sep 20, 2022 | A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files | |||
| CVE-2021-44135 | 0.00 | — | 0.02 | Apr 1, 2022 | pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. |
- risk 0.45cvss 7.5epss 0.07
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
- risk 0.31cvss 4.7epss 0.00
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is…
- risk 0.31cvss 4.7epss 0.00
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically…
- CVE-2025-67165Dec 17, 2025risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
- CVE-2025-67164Dec 17, 2025risk 0.00cvss —epss 0.00
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
- CVE-2024-45967Oct 1, 2024risk 0.00cvss —epss 0.00
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.
- CVE-2023-41005Aug 28, 2023risk 0.00cvss —epss 0.01
An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php
- CVE-2022-38916Sep 20, 2022risk 0.00cvss —epss 0.16
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files
- CVE-2021-44135Apr 1, 2022risk 0.00cvss —epss 0.02
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.