CVE-2025-67164
Pagekit · Pagekit CMS
Executive summary
A critical vulnerability has been identified in Pagekit CMS, which allows an authenticated attacker to upload a malicious file and execute arbitrary code on the server. Successful exploitation could lead to a complete compromise of the affected system, resulting in data theft, service disruption, and further network intrusion. Due to the critical severity (CVSS 9.9), immediate remediation is required to prevent potential system takeovers.
Vulnerability
This vulnerability is an arbitrary file upload weakness within a component of Pagekit CMS. The file upload mechanism fails to properly validate the types of files being uploaded, allowing an authenticated user to bypass security checks and upload a file with a dangerous extension, such as .php. An attacker can upload a crafted PHP script disguised as a legitimate file, and once the upload is complete, they can access the script via its URL to execute arbitrary commands on the server with the privileges of the web service account.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.9. A successful exploit would grant an attacker full control over the web application and potentially the underlying server. This could lead to severe business consequences, including the theft of sensitive data (customer information, credentials, intellectual property), website defacement, deployment of ransomware, or the use of the compromised server to attack other systems. The potential for reputational damage, regulatory fines, and financial loss is significant, as the vulnerability compromises the confidentiality, integrity, and availability of the affected asset.
Remediation
Immediate Action: Update Pagekit CMS to the latest patched version immediately as recommended by the vendor. All internet-facing instances should be prioritized for patching. After patching, review web-accessible directories for any suspicious or unrecognized files that may have been uploaded prior to the update.
Proactive Monitoring: Monitor web server access logs for patterns indicative of exploitation, such as POST requests to file upload endpoints followed by GET requests to newly created .php files, especially in storage or upload directories. Implement alerts for unusual outbound network connections from the web server and monitor for unexpected processes running under the web server's user context.
Compensating Controls: If patching cannot be immediately deployed, implement the following controls:
- Use a Web Application Firewall (WAF) to block the upload of files with executable extensions (.php, .phtml, etc.).
- Configure the web server to disallow script execution in the directory where files are uploaded.
- Restrict file upload permissions to only highly trusted administrative accounts.
- Employ file integrity monitoring to detect the creation of unauthorized files in web directories.
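The log pattern described under Proactive Monitoring (a POST followed by the first request for a script file in an upload directory) can be checked with a short script. This is an added example, not code from the advisory or from Pagekit; the directory names, extension list, endpoint name and log lines are constructed assumptions to replace with your own.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format fields used here: client, timestamp, method, path, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Assumptions: set these to the upload directories and handlers you actually run.
UPLOAD_DIRS = ("/storage/", "/uploads/")
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, placeholder endpoint name).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:10:00:01 +0000] "GET /storage/logo.png HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2025:10:01:10 +0000] "POST /upload-endpoint HTTP/1.1" 200 87
203.0.113.7 - - [12/Mar/2025:10:01:25 +0000] "GET /storage/avatar.php?x=1 HTTP/1.1" 200 14
198.51.100.4 - - [12/Mar/2025:10:02:00 +0000] "GET /storage/avatar.php HTTP/1.1" 200 14
198.51.100.4 - - [12/Mar/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900
""".splitlines()


def find_upload_then_execute(lines, window=timedelta(minutes=30)):
    """Pair each first-seen script request in an upload dir with the most
    recent successful POST inside `window`. Assumes chronological input."""
    posts, seen, findings = [], set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line or non-2xx response
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path.startswith(UPLOAD_DIRS) and SCRIPT_EXT.search(path):
            if path not in seen:  # first request: file is new to this log
                seen.add(path)
                for p_ts, p_ip, p_path in reversed(posts):
                    if ts - p_ts <= window:
                        findings.append({"upload": p_path, "uploader": p_ip,
                                         "script": path, "requester": m["ip"],
                                         "delay_s": int((ts - p_ts).total_seconds())})
                    break  # only the most recent POST is considered
        if m["method"] == "POST":
            posts.append((ts, m["ip"], path))
    return findings


if __name__ == "__main__":
    for f in find_upload_then_execute(SAMPLE_LOG):
        print(f)
```

A hit is a lead for review, not proof of compromise: confirm the flagged file on disk and compare it against the file integrity baseline.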
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability represents a critical risk to the organization and must be addressed with the highest priority. Although it requires authentication, the near-maximum CVSS score of 9.9 underscores the severe potential for a complete system compromise. While this CVE is not currently on the CISA KEV list, its critical nature warrants immediate action. We strongly recommend that all vulnerable Pagekit CMS instances be patched immediately. If patching is delayed, the compensating controls listed above must be implemented as a temporary measure while actively monitoring for any signs of exploitation.