Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2017-5594
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-25 Jan, 2017 | 18:59
Updated At-20 Apr, 2025 | 01:37

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
pagekit
pagekit
>>pagekit>>Versions up to 1.0.10(inclusive)
cpe:2.3:a:pagekit:pagekit:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-640Primarynvd@nist.gov
CWE ID: CWE-640
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/95806cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268bcve@mitre.org
Patch
https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdfcve@mitre.org
Technical Description
Third Party Advisory
https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txtcve@mitre.org
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/41143/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95806af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268baf854a3a-2127-422b-91ae-364da2661108
Patch
https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdfaf854a3a-2127-422b-91ae-364da2661108
Technical Description
Third Party Advisory
https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/41143/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/95806
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf
Source: cve@mitre.org
Resource:
Technical Description
Third Party Advisory
Hyperlink: https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/41143/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/95806
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Technical Description
Third Party Advisory
Hyperlink: https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/41143/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Change History
0Changes found
Details not found