Lucene search
K

195 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

8.8CVSS0.00479EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 3:58 p.m.33 views

CVE-2026-57518 Pagekit CMS 1.0.18 Privilege Escalation via UserApiController

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

8.8CVSS0.00479EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 3:58 p.m.11 views

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation flaw in UserApiController::saveAction(). Authenticated users with the 'user: manage users' permission can assign arbitrary custom roles to themselves, including roles with 'system: manage packages' permission, enabling them to upload and install ...

8.8CVSS6.2AI score0.00479EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:58 p.m.7 views

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

8.8CVSS6.2AI score0.00479EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS5.1AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.7 views

CVE-2026-6983

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS4.8AI score0.00273EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/25 4:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url argument in the /index.php/admin/system/update/download process. An attacker can access internal...

5.8CVSS5.8AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/04/25 4:16 p.m.4 views

CVE-2026-6983

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/25 3:15 p.m.5 views

EUVD-2026-25659

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS4.9AI score0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/25 3:15 p.m.6 views

CVE-2026-6983 pagekit download server-side request forgery

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS4.8AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/25 3:15 p.m.38 views

CVE-2026-6983 pagekit download server-side request forgery

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS0.00273EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/25 3:15 p.m.6 views

CVE-2026-6983

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS5AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/04/25 3:15 p.m.14 views

CVE-2026-6983

Pagekit

5.8CVSS4.9AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/25 12:0 a.m.9 views

Pagekit 代码问题漏洞

Pagekit is a modular and lightweight CMS Content Management System developed under open source. Versions of Pagekit 1.0.18 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of parameters in the files/index.php/admin/system/update/download, which may lead to...

5.8CVSS5.9AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.9 views

PT-2026-35154

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS5.2AI score0.00273EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2026-23878

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS5.3AI score0.00244EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 4:16 p.m.12 views

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS0.00244EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 3:0 p.m.5 views

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS5.3AI score0.00244EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/20 3:0 p.m.35 views

CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS0.00244EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 3:0 p.m.20 views

CVE-2026-6652

CVE-2026-6652 affects Pagekit CMS up to version 1.0.18. The issue resides in the evaluate function of app/modules/view/src/PhpEngine.php within the StringStorage Template Handler, where improper neutralization of directives in dynamically evaluated code enables remote exploitation. Publicly avail...

5.8CVSS5.3AI score0.00244EPSS
Exploits0References4
Rows per page
Query Builder