{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6652", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-20T05:58:31.133Z", "datePublished": "2026-04-20T15:00:22.525Z", "dateUpdated": "2026-04-20T16:14:56.950Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T15:00:22.525Z"}, "title": "Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-95", "lang": "en", "description": "Improper Neutralization of Directives in Dynamically Evaluated Code"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "Pagekit", "product": "CMS", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.0.5", "status": "affected"}, {"version": "1.0.6", "status": "affected"}, {"version": "1.0.7", "status": "affected"}, {"version": "1.0.8", "status": "affected"}, {"version": "1.0.9", "status": "affected"}, {"version": "1.0.10", "status": "affected"}, {"version": "1.0.11", "status": "affected"}, {"version": "1.0.12", "status": "affected"}, {"version": "1.0.13", "status": "affected"}, {"version": "1.0.14", "status": "affected"}, {"version": "1.0.15", "status": "affected"}, {"version": "1.0.16", "status": "affected"}, {"version": "1.0.17", "status": "affected"}, {"version": "1.0.18", "status": "affected"}], "modules": ["StringStorage Template Handler"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-20T08:03:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "s4nnty (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358286", "name": "VDB-358286 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358286/cti", "name": "VDB-358286 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794186", "name": "Submit #794186 | Pagekit CMS framework <= 1.0.18 Remote Code Execution", "tags": ["third-party-advisory"]}, {"url": "https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2", "tags": ["broken-link", "exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:09:27.558348Z", "id": "CVE-2026-6652", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:14:56.950Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6652", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:09:27.558348Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:09:29.534Z"}}], "cna": {"title": "Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection", "credits": [{"lang": "en", "type": "reporter", "value": "s4nnty (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Pagekit", "modules": ["StringStorage Template Handler"], "product": "CMS", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "1.0.2"}, {"status": "affected", "version": "1.0.3"}, {"status": "affected", "version": "1.0.4"}, {"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "1.0.6"}, {"status": "affected", "version": "1.0.7"}, {"status": "affected", "version": "1.0.8"}, {"status": "affected", "version": "1.0.9"}, {"status": "affected", "version": "1.0.10"}, {"status": "affected", "version": "1.0.11"}, {"status": "affected", "version": "1.0.12"}, {"status": "affected", "version": "1.0.13"}, {"status": "affected", "version": "1.0.14"}, {"status": "affected", "version": "1.0.15"}, {"status": "affected", "version": "1.0.16"}, {"status": "affected", "version": "1.0.17"}, {"status": "affected", "version": "1.0.18"}]}], "timeline": [{"lang": "en", "time": "2026-04-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-20T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-20T08:03:37.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/358286", "name": "VDB-358286 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358286/cti", "name": "VDB-358286 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/794186", "name": "Submit #794186 | Pagekit CMS framework <= 1.0.18 Remote Code Execution", "tags": ["third-party-advisory"]}, {"url": "https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-95", "description": "Improper Neutralization of Directives in Dynamically Evaluated Code"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T15:00:22.525Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6652", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:14:56.950Z", "dateReserved": "2026-04-20T05:58:31.133Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-20T15:00:22.525Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6652", "lastModified": "2026-04-20T16:16:56.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T16:16:56.013", "references": [{"source": "cna@vuldb.com", "url": "https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/794186"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358286"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358286/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-95"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T17:21:55.820437+00:00", "value": {"mitigation_remediation": ["Verify whether a vendor patch or newer release that removes the vulnerable evaluate call is available, and apply it as soon as possible.", "Restrict template editing and execution so that only trusted administrators can submit or process templates that invoke the StringStorage Template Handler. This limits the attack surface to privileged users.", "Sanitize template inputs to remove any PHP delimiters or code that could trigger eval, ensuring that only pure template content is processed."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects Pagekit CMS installations running any version up to and including 1.0.18. The vulnerable code resides in app/modules/view/src/PhpEngine.php within the StringStorage Template Handler component. All sites that rely on this component for rendering templates without a newer fixed release are susceptible.", "description_and_impact": "This vulnerability lies in the evaluate function of the StringStorage Template Handler in Pagekit CMS up to version\u202f1.0.18. The function uses PHP's eval without properly neutralizing directives in dynamically evaluated code, allowing a malicious user to inject and execute arbitrary PHP code on the server. The weakness is classified as code injection (CWE\u201194) and eval injection (CWE\u201195). Remote attackers can exploit the flaw through web inputs that reach the evaluate routine, leading to full remote code execution on the affected system.", "risk_and_exploitability": "The CVSS score of 5.1 indicates a moderate baseline severity, but the publicly available exploit elevates the practical risk. Because the attack vector is remote, the exploitation requires only access to parts of the CMS that submit or process templates. Although the vulnerability is not listed in the CISA KEV catalog, the existence of a public exploit and the lack of vendor response increase the likelihood of abuse. Administrators should treat this as a medium-risk flaw that could enable remote code execution if not addressed promptly."}}}}, "created": "2026-04-20T17:30:12.652036+00:00", "updated": "2026-04-20T17:30:12.652047+00:00", "vendors": []}