Published: 30/12/2020 Updated: 05/04/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Agentejo Cockpit prior to 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
agentejo cockpit

Cockpit CMS version 0111 username enumeration and password reset NoSQL injection exploit ...

CVE-2020-35847, CVE-2020-35848 : Account Takeover

Cockpit CMS NoSQL Injection (CVE-2020-35847, CVE-2020-35848) Cockpit CMS before version 0112 is vulnerable to a NoSQL Injection vulnerability in the /auth/resetpassword and /auth/newpassword that allows extraction of password reset tokens which allow for user details enumeration as well as password reset Read More - swarmptsecuritycom/rce-cockpit-cms/ This python

CWE-89 https://getcockpit.com/https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1ef24b http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.html https://nvd.nist.gov https://github.com/w33vils/CVE-2020-35847_CVE-2020-35848 https://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-35848

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect