pagekit/pagekit is vulnerable to arbitrary file upload. The vulnerability exists in the storage feature because it doesn’t restrict the file types that can be uploaded which allows an attacker to upload malicious files and access the file directory of the system.