CVE-2017-5594

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5594

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5594.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5594

Aliases

GHSA-rp89-32rp-qpq2

Published

2017-01-25T18:59:00Z

Modified

2024-05-23T01:12:48.421665Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01.

References

Affected packages

Git / github.com/pagekit/pagekit

Affected ranges

Type: GIT
Repo: https://github.com/pagekit/pagekit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e0454f9c037c427a5ff76a57e78dbf8cc00c268b

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.11.0

0.11.1

0.11.2

0.11.3

0.8.8

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

1.*

1.0.0

1.0.1

1.0.10

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9