Pagekit CMS Arbitrary File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability allowing authenticated users to upload arbitrary files has been identified in Pagekit CMS version 1.0.18. This issue resides in the /storage/poc.php component and allows attackers to execute arbitrary code by uploading a specially crafted PHP file.

Impact

Exploitation of this vulnerability allows for the installation of a persistent web shell, enabling remote code execution on the server.

Reproduction

To reproduce this vulnerability, authenticate as a user with permission to upload files. Navigate to the /storage/ directory and upload a PHP file containing malicious code. Once the file is uploaded, execute it to achieve remote code execution on the server.
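One way to look for the behaviour described under Reproduction (a PHP file under /storage/ being requested) in web server access logs, as an added example that is not part of the original advisory or of Pagekit's code. It assumes Combined Log Format; the function name, the extension list and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions often mapped to the PHP handler (assumption: adjust to your server config).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(?=$|/)", re.IGNORECASE)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def storage_script_hits(lines, upload_dir="/storage/"):
    """Return (ip, time, method, path, status) for every request whose path
    names a PHP-executable file under the upload directory."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed or non-request line
        ip, ts, method, target, status = m.groups()
        # Drop the query string and decode %-escapes before matching.
        path = unquote(urlsplit(target).path)
        idx = path.lower().find(upload_dir)
        if idx < 0:
            continue
        # Only inspect the part from the upload directory onward; the
        # lookahead also catches PATH_INFO forms like /storage/a.php/x.
        if PHP_EXT.search(path, idx):
            hits.append((ip, ts, method, path, int(status)))
    return hits


# Constructed sample lines (documentation IP range, not from a real server).
SAMPLE = [
    '203.0.113.7 - - [17/Dec/2025:17:01:02 +0000] "GET /storage/logo.png HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [17/Dec/2025:17:02:10 +0000] "GET /storage/poc.php HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.7 - - [17/Dec/2025:17:02:40 +0000] "POST /storage/sub/a.PHTML/extra?x=1 HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.7 - - [17/Dec/2025:17:03:05 +0000] "GET /storage/%70oc.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [17/Dec/2025:17:03:30 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.7 - - [17/Dec/2025:17:04:00 +0000] "GET /storage/report.php.txt HTTP/1.1" 200 77 "-" "-"',
]

if __name__ == "__main__":
    for hit in storage_script_hits(SAMPLE):
        print(hit)
```

A hit with a 2xx status is the one to triage first, since it means the request reached an existing file in the upload directory.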

Added: Dec 17, 2025, 5:20 PM
Updated: Dec 17, 2025, 7:38 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 10.0
exploitability: 6.8
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.