CVE-2025-67164

Pagekit CMS v1.0.18 is affected by an authenticated arbitrary file upload vulnerability in the /storage/poc.php component. Uploading a crafted PHP file allows attackers to execute arbitrary code on the server. The root cause is an insecure file upload vector within the storage component, enabling...

Motorola MR2600 License Issues Vulnerability

The Motorola MR2600 is a wireless router from Motorola. An authorization issue vulnerability previously existed in the Motorola MR2600 v1.0.18, which stemmed from a brute-force cracking of the WPS PIN code when in range of a wireless network, allowing unauthorized access to the wireless network...

CVE-2023-41005

An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php...

CVE-2020-19699

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page...

CVE-2021-36708

ProLink PRC2402M routers (firmware v1.0.18 and earlier) are affected by CVE-2021-36708 due to a flaw in the set_sys_init function of login.cgi. This allows an attacker to reset the admin password on the router’s administrative interface. The connected documents confirm the vulnerable component an...

CVE-2021-36705

CVE-2021-36705 affects ProLink PRC2402M (V1.0.18 and older). The vulnerability is in the set_TR069 function of the adm.cgi binary, where the TR069 parameter TR069_local_port is passed directly to system, enabling a command injection. This is a network-accessible issue with high impact as describe...

Cross-site scripting in PageKit

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

CVE-2021-32245

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...

CVE-2021-32245

PageKit CMS is affected by CVE-2021-32245. In PageKit v1.0.18, SVG uploads can contain malicious scripts that are not stripped, allowing an attacker to craft a link to /storage/exp.svg that, when clicked, triggers a cross-site scripting (XSS) payload. The vulnerability is corroborated across mult...

CVE-2021-32245

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that wil...