CVE-2019-19013

Description

A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.

How to fix CVE-2019-19013

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Packagist/pagekit/pagekit—no fix listed

Is CVE-2019-19013 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 1.0.17

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-19013
• PATCHgithub.com/pagekit/pagekit
• WEBgitlab.com/gitlab-org/security-products/gemnasium-db/-/commit/fdf885ccf7c57c69f4d256bbb3ec76a927267a2b
• WEBpacketstormsecurity.com/files/155426/Pagekit-CMS-1.0.17-Cross-Site-Request-Forgery.html