Arbitrary Code Execution in Pagekit by Pagekit Inc.
CVE-2023-41005

7.8HIGH

Key Information:

Vendor: Pagekit
Status: Pagekit
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-41005?

A vulnerability in Pagekit version 1.0.18 allows remote attackers to exploit the system by executing arbitrary code through the downloadAction and updateAction methods located in UpdateController.php. This flaw highlights the critical need for users to apply necessary patches and maintain updated installations to mitigate potential threats. For more details, visit the reference link.

References

https://github.com/pagekit/pagekit/issues/977

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

CVE-2023-41005 Data

JSON