pagekit/pagekit is vulnerable to unauthorized password reset and recovery. When the debug toolbar is enabled, an attacker can reset a registered user’s password and, by doing so, recover the password.
Name | Operator | Version |
---|---|---|
pagekit/pagekit | le | 1.0.10 |
www.securityfocus.com/bid/95806
github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b
securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf
securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt
www.exploit-db.com/exploits/41143/