Lucene search
Veracode Vulnerability DatabaseVERACODE:22012HistoryNov 25, 2019 - 2:06 a.m.
Cross-Site Request Forgery (CSRF)
2019-11-2502:06:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
46.3%
pagekit/pagekit is vulnerable to cross-site request forgery (CSRF). The application does not properly validate the _csrf value in the POST request to upload a file, allowing a remote attacker to upload a file on behalf of the user when an authenticated user is tricked into visiting a malicious site that submits a POST request on behalf of the user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pagekit/pagekit | le | 1.0.17 | |
| pagekit/pagekit | le | 1.0.17 |
Related
cvelist
cvelist
CVE-2019-19013
2019-11-22 15:55:19
github
github
Pagekit File Upload vulnerability
2022-05-24 17:01:48
osv
osv
Pagekit File Upload vulnerability
2022-05-24 17:01:48
CVE-2019-19013
2019-11-22 16:15:12
prion
prion
Cross site request forgery (csrf)
2019-11-22 16:15:00
nvd
nvd
CVE-2019-19013
2019-11-22 16:15:12
packetstorm
packetstorm
Pagekit CMS 1.0.17 Cross Site Request Forgery
2019-11-21 00:00:00
cve
cve
CVE-2019-19013
2019-11-22 16:15:12