CVE-2017-5594
published 2017-01-25CVE-2017-5594: An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug…
PriorityP354high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
6.97%
93.3th percentile
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openvpn | openvpn | >= 0 < 2.3.2-7ubuntu3.2+esm2 | 2.3.2-7ubuntu3.2+esm2 |
| openvpn | openvpn | >= 0 < 2.3.10-1ubuntu2.2+esm2 | 2.3.10-1ubuntu2.2+esm2 |
| openvpn | openvpn | >= 0 < 2.4.4-2ubuntu1.7+esm1 | 2.4.4-2ubuntu1.7+esm1 |
| pagekit | pagekit | <= 1.0.10 | — |
| pagekit | pagekit | >= 0 < 1.0.11 | 1.0.11 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
openvpn vulnerabilities
osv·2025-03-11·CVSS 9.8
CVE-2017-12166 openvpn vulnerabilities
openvpn vulnerabilities
It was discovered that OpenVPN did not perform proper input validation
when generating a TLS key under certain configuration, which could lead to
a buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166)
Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)
OSV
Pagekit Weak Password Recovery Mechanism for Forgotten Password
osv·2022-05-13
CVE-2017-5594 [HIGH] Pagekit Weak Password Recovery Mechanism for Forgotten Password
Pagekit Weak Password Recovery Mechanism for Forgotten Password
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
GHSA
Pagekit Weak Password Recovery Mechanism for Forgotten Password
ghsa·2022-05-13
CVE-2017-5594 [HIGH] CWE-640 Pagekit Weak Password Recovery Mechanism for Forgotten Password
Pagekit Weak Password Recovery Mechanism for Forgotten Password
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/95806https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268bhttps://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdfhttps://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txthttps://www.exploit-db.com/exploits/41143/http://www.securityfocus.com/bid/95806https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268bhttps://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdfhttps://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txthttps://www.exploit-db.com/exploits/41143/
2017-01-25
Published