CVE-2025-67164: Pagekit CMS is vulnerable to OS Command Injection via Storage component

Severity: Critical

CVSS Score: 10

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.