Home > Vulnerability Database > CVE-2017-5594

Mend.io Vulnerability Database

CVE-2017-5594

Good to know:

Date: January 25, 2017

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

Language: PHP

Severity Score

7.5

Related Resources (7)

Url: https://www.exploit-db.com/exploits/41143/

Url: https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-5594

Url: https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt

Url: https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b

Url: http://www.securityfocus.com/bid/95806

Url: https://www.mend.io/vulnerability-database/CVE-2017-5594

Severity Score

7.5

Weakness Type (CWE)

Weak Password Recovery Mechanism for Forgotten Password

CWE-640

Top Fix

Upgrade Version

Upgrade to version 1.0.11

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-5594

Good to know:

Date: January 25, 2017

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?