ID:912 - Exploit for Administrative password reset in Pagekit CMS - CVE-2017-5594

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:912 - Exploit for Administrative password reset in Pagekit CMS - CVE-2017-5594

ID:912 - Exploit for Administrative password reset in Pagekit CMS - CVE-2017-5594

Published: March 18, 2020


Vulnerability identifier: #VU5378
Vulnerability risk: High
CVE-ID: CVE-2017-5594
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
Pagekit CMS

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to gain administrative access to vulnerable website.

The vulnerability exists due to incorrect validation of user-supplied data during password reset process, when the debug toolbar is enabled. A remote attacker can send a specially crafted HTTP request and reset administrator’s password.

Successful exploitation of the vulnerability may allow an attacker to gain full access to vulnerable website.


Remediation

Update to version 1.0.11.