8 matches found
CVE-2026-6983 pagekit download server-side request forgery
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
CVE-2024-45967
Pagekit 1.0.18 is vulnerable to Cross-Site Scripting (XSS) in index.php/admin/site/widget...
CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing...
CVE-2019-16669
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts...
Pagekit Security Vulnerability
Pagekit is a modular, lightweight CMS (Content Management System). A security vulnerability exists in Pagekit v.1.0.18 that allows remote attackers to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...
CVE-2022-38916
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files...
Design/Logic Flaw
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...