CVE-2020-35847, CVE-2020-35848 : Account Takeover
Cockpit CMS NoSQL Injection (CVE-2020-35847, CVE-2020-35848)
Cockpit CMS before version 0112 is vulnerable to a NoSQL Injection vulnerability in the /auth/resetpassword and /auth/newpassword that allows extraction of password reset tokens which allow for user details enumeration as well as password reset
Read More - swarmptsecuritycom/rce-cockpit-cms/
This python