pagekit/pagekit is vulnerable to cross-site request forgery (CSRF). The application does not properly validate the _csrf
value in the POST request to upload a file, allowing a remote attacker to upload a file on behalf of the user when an authenticated user is tricked into visiting a malicious site that submits a POST request on behalf of the user.
CPE | Name | Operator | Version |
---|---|---|---|
pagekit/pagekit | le | 1.0.17 | |
pagekit/pagekit | le | 1.0.17 |