← Back

CVE-2017-5594

nvd nist
Published: Jan 25, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD

Description

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

Affected (1)

Products: Pagekit: Pagekit
Pagekit
1 product
Pagekit
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Pagekit
Up to 1.0.10

Related CWEs

CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (10)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Technical DescriptionThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.