Published: 30/12/2020 Updated: 21/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Agentejo Cockpit prior to 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

Mailing Lists

This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides a ...