CVE-2017-5594
HIGH
Pagekit < 1.0.10 - Password Reset Weakness
An issue was discovered in Pagekit CMS before 1.0.11. When the debug toolbar is enabled, a remote attacker is able to reset a registered user's password. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Saurabh Banawar · ruby · webapps · php
https://www.exploit-db.com/exploits/41143
References (5)
Scores
CVSS v3
7.5
EPSS
0.0496
EPSS Percentile
89.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Classification
CWE
CWE-640
Status
draft
Affected Products (2)
pagekit/pagekit
< 1.0.10
pagekit/pagekit
< 1.0.11 (Packagist)
Timeline
Published
Jan 25, 2017
Tracked Since
Feb 18, 2026