CVE-2017-5594

HIGH

Pagekit < 1.0.11 - Unauthenticated Password Reset via Debug Toolbar

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5594. PoCs published by Saurabh Banawar.

AI-analyzed exploit summary This exploit leverages a debug log exposure vulnerability in PageKit CMS to extract password reset tokens, allowing an attacker to perform account takeovers if debug mode is enabled.

Description

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Saurabh Banawar · rubywebappsphp
https://www.exploit-db.com/exploits/41143

This exploit leverages a debug log exposure vulnerability in PageKit CMS to extract password reset tokens, allowing an attacker to perform account takeovers if debug mode is enabled.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: PageKit CMS versions prior to 1.0.11
No auth needed
Prerequisites: Debug mode enabled in PageKit CMS · Access to the login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95806
Technical Description, Third Party Advisory x_refsource_misc
https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41143/

Scores

CVSS v3 7.5
EPSS 0.0454
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-640
Status published
Products (2)
pagekit/pagekit < 1.0.10
pagekit/pagekit 0 - 1.0.11Packagist
Published Jan 25, 2017
Tracked Since Feb 18, 2026