An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95806 | Third Party Advisory VDB Entry |
https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b | Patch |
https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf | Technical Description Third Party Advisory |
https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/41143/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-25T18:00:00
Updated: 2017-09-01T09:57:01
Reserved: 2017-01-25T00:00:00
Link: CVE-2017-5594
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-01-25T18:59:00.153
Modified: 2021-01-08T13:52:39.273
Link: CVE-2017-5594
JSON object: View
Redhat Information
No data.
CWE