46 matches found
Server-side Request Forgery (SSRF)
Overview: pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the url argument in the /index.php/admin/system/update/download process. An attacker can access internal...
EUVD-2026-23878
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...
CVE-2026-6652
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...
CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...
PT-2026-33782
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...
CVE-2025-67164
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file...
Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. The project was archived as of December 1, 2023...
GHSA-W3J8-9P3J-3WJX Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. The project was archived as of December 1, 2023...
GHSA-M4F2-XPFQ-H97V Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...
Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...
CVE-2025-67165
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges...
CVE-2025-67165
The CVE-2025-67165 entry concerns Pagekit CMS v1.0.18 with an Insecure Direct Object Reference (IDOR) in the User Role component that can lead to privilege escalation. The root cause described across sources is insufficient access control, enabling a crafted request (notably via the /api/user/rol...
PT-2025-51846
Name of the Vulnerable Software and Affected Versions: Pagekit CMS version 1.0.18. Description: An Insecure Direct Object Reference (IDOR) exists in Pagekit CMS version 1.0.18, potentially allowing attackers to escalate privileges. An IDOR occurs when an application uses user-supplied input to directl...
EUVD-2022-6603
Malicious code in bioql PyPI...
EUVD-2022-5208
Malicious code in bioql PyPI...
CVE-2022-36573
A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
Cross-site Scripting (XSS)
Overview: pagekit/pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the index.php/admin/site/widget endpoint. Details: Cross-site scripting or XSS is a code vulnerability that occurs wh...