VulnerableCode Package Details - pkg:composer/pagekit/pagekit@1.0.14

Search for packages

Vulnerability	Summary	Fixed by
VCID-4b6k-tr9h-z7b2 Aliases: CVE-2025-67165 GHSA-w3j8-9p3j-3wjx	An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.	There are no reported fixed by versions.
VCID-86f9-mdmh-jbbj Aliases: CVE-2021-44135 GHSA-45hc-r4fj-qj89	SQL injection in pagekit/pagekit	There are no reported fixed by versions.
VCID-mnta-3rft-aqfd Aliases: CVE-2025-67164 GHSA-m4f2-xpfq-h97v	An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.	There are no reported fixed by versions.
VCID-y8vq-atne-2ydw Aliases: CVE-2024-45967 GHSA-xw32-6422-frqm	Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4b6k-tr9h-z7b2
Aliases:
CVE-2025-67165
GHSA-w3j8-9p3j-3wjx

An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.

There are no reported fixed by versions.

VCID-86f9-mdmh-jbbj
Aliases:
CVE-2021-44135
GHSA-45hc-r4fj-qj89

SQL injection in pagekit/pagekit

There are no reported fixed by versions.

VCID-mnta-3rft-aqfd
Aliases:
CVE-2025-67164
GHSA-m4f2-xpfq-h97v

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.

There are no reported fixed by versions.

VCID-y8vq-atne-2ydw
Aliases:
CVE-2024-45967
GHSA-xw32-6422-frqm

Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-kyhu-u4v4-6kfq		CVE-2018-14381 GHSA-v47j-rw9h-6m47
VCID-tt3d-1ty4-sbaj		CVE-2018-11564 GHSA-3rwj-v7jp-w542

Vulnerability

Summary

Aliases

VCID-kyhu-u4v4-6kfq

CVE-2018-14381
GHSA-v47j-rw9h-6m47

VCID-tt3d-1ty4-sbaj

CVE-2018-11564
GHSA-3rwj-v7jp-w542

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:40:39.230231+00:00	GitLab Importer	Affected by	VCID-mnta-3rft-aqfd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pagekit/pagekit/CVE-2025-67164.yml	38.6.0
2026-06-12T20:40:38.550313+00:00	GitLab Importer	Affected by	VCID-4b6k-tr9h-z7b2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pagekit/pagekit/CVE-2025-67165.yml	38.6.0
2026-06-12T19:41:46.441278+00:00	GitLab Importer	Affected by	VCID-y8vq-atne-2ydw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pagekit/pagekit/CVE-2024-45967.yml	38.6.0
2026-06-12T18:03:52.649451+00:00	GitLab Importer	Affected by	VCID-86f9-mdmh-jbbj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pagekit/pagekit/CVE-2021-44135.yml	38.6.0
2026-06-12T15:40:47.807823+00:00	GitLab Importer	Fixing	VCID-kyhu-u4v4-6kfq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pagekit/pagekit/CVE-2018-14381.yml	38.6.0
2026-06-12T15:40:33.598017+00:00	GitLab Importer	Fixing	VCID-tt3d-1ty4-sbaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pagekit/pagekit/CVE-2018-11564.yml	38.6.0
2026-06-12T08:25:24.352342+00:00	GithubOSV Importer	Fixing	VCID-kyhu-u4v4-6kfq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v47j-rw9h-6m47/GHSA-v47j-rw9h-6m47.json	38.6.0