Описание
Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
The project is archived as of December 1, 2023.
Пакеты
Наименование
pagekit/pagekit
composer
Затронутые версииВерсия исправления
<= 1.0.18
Отсутствует
Связанные уязвимости
CVSS3: 9.9
nvd
около 2 месяцев назад
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.