CVE-2019-19013 – Pagekit CMS 1.0.17 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-19013
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request. Pagekit CMS version 1.0.17 suffers from a cross site request forgery vulnerability. • https://packetstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-16669
https://notcve.org/view.php?id=CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. • https://github.com/pagekit/pagekit/issues/935 • CWE-203: Observable Discrepancy
CVE-2018-14381
https://notcve.org/view.php?id=CVE-2018-14381
Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. • https://github.com/pagekit/pagekit/issues/905 https://github.com/pagekit/pagekit/releases/tag/1.0.14 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-11564 – Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
https://notcve.org/view.php?id=CVE-2018-11564
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger an XSS attack. • https://www.exploit-db.com/exploits/44837 https://github.com/GeunSam2/CVE-2018-11564 http://ruffsecurity.blogspot.com/2018/05/my-first-cve-found.html https://packetstormsecurity.com/files/148001/PageKit-CMS-1.0.13-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5594 – PageKit 1.0.10 - Password Reset
https://notcve.org/view.php?id=CVE-2017-5594
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. • https://www.exploit-db.com/exploits/41143 http://www.securityfocus.com/bid/95806 https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt • CWE-640: Weak Password Recovery Mechanism for Forgotten Password