Password Reset Vulnerability in Pagekit CMS by Pagekit
CVE-2017-5594

7.5HIGH

Key Information:

Vendor

Pagekit

Status
Pagekit
Vendor
CVE Published:
25 January 2017

What is CVE-2017-5594?

A security flaw exists in Pagekit CMS versions prior to 1.0.11 that allows remote attackers to reset user passwords when the debug toolbar is enabled. This vulnerability enables attackers to exploit the password recovery process, potentially compromising user accounts without appropriate authorizations. Security practices should be reviewed to ensure the debug mode is disabled in production environments.

References

http://www.securityfocus.com/bid/95806
vdb-entryx_refsource_BID
https://securelayer7.net/download/poc/password-reset-vuln...
x_refsource_MISC
https://github.com/pagekit/pagekit/commit/e0454f9c037c427...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.