Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for CMS by Pagekit

    CVE-2026-6652 (GCVE-0-2026-6652)

    Vulnerability from nvd – Published: 2026-04-20 15:00 – Updated: 2026-04-20 16:14
    VLAI
    Title
    Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection
    Summary
    A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code
    • CWE-94 - Code Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/358286 vdb-entrytechnical-description
    https://vuldb.com/vuln/358286/cti signaturepermissions-required
    https://vuldb.com/submit/794186 third-party-advisory
    https://medium.com/@pkhuyar/the-danger-of-php-eva… broken-linkexploit
    Impacted products
    Vendor Product Version
    Pagekit CMS Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Create a notification for this product.
    Credits
    s4nnty (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6652",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T16:09:27.558348Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T16:14:56.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "StringStorage Template Handler"
              ],
              "product": "CMS",
              "vendor": "Pagekit",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "s4nnty (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "Improper Neutralization of Directives in Dynamically Evaluated Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T15:00:22.525Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-358286 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/358286"
            },
            {
              "name": "VDB-358286 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/358286/cti"
            },
            {
              "name": "Submit #794186 | Pagekit CMS framework \u003c= 1.0.18 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/794186"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-20T08:03:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-6652",
        "datePublished": "2026-04-20T15:00:22.525Z",
        "dateReserved": "2026-04-20T05:58:31.133Z",
        "dateUpdated": "2026-04-20T16:14:56.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6652 (GCVE-0-2026-6652)

    Vulnerability from cvelistv5 – Published: 2026-04-20 15:00 – Updated: 2026-04-20 16:14
    VLAI
    Title
    Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection
    Summary
    A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code
    • CWE-94 - Code Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/358286 vdb-entrytechnical-description
    https://vuldb.com/vuln/358286/cti signaturepermissions-required
    https://vuldb.com/submit/794186 third-party-advisory
    https://medium.com/@pkhuyar/the-danger-of-php-eva… broken-linkexploit
    Impacted products
    Vendor Product Version
    Pagekit CMS Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Affected: 1.0.12
    Affected: 1.0.13
    Affected: 1.0.14
    Affected: 1.0.15
    Affected: 1.0.16
    Affected: 1.0.17
    Affected: 1.0.18
    Create a notification for this product.
    Credits
    s4nnty (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6652",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T16:09:27.558348Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-20T16:14:56.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "StringStorage Template Handler"
              ],
              "product": "CMS",
              "vendor": "Pagekit",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.18"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "s4nnty (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "Improper Neutralization of Directives in Dynamically Evaluated Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-20T15:00:22.525Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-358286 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/358286"
            },
            {
              "name": "VDB-358286 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/358286/cti"
            },
            {
              "name": "Submit #794186 | Pagekit CMS framework \u003c= 1.0.18 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/794186"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-20T08:03:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-6652",
        "datePublished": "2026-04-20T15:00:22.525Z",
        "dateReserved": "2026-04-20T05:58:31.133Z",
        "dateUpdated": "2026-04-20T16:14:56.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }