CVE-2019-19013
HIGH8.8EPSS 0.18%Pagekit File Upload vulnerability
Published: 5/24/2022Modified: 2/16/2024
Description
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
Affected packages (1)
- Packagist/pagekit/pagekitfrom 0, <= 1.0.17
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-19013
- PATCHhttps://github.com/pagekit/pagekit
- WEBhttps://gitlab.com/gitlab-org/security-products/gemnasium-db/-/commit/fdf885ccf7c57c69f4d256bbb3ec76a927267a2b
- WEBhttps://packetstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html