Description
The web application uses Cockpit CMS. This version of Cockpit CMS has several NoSQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.
Remediation
Upgrade to the latest version of Cockpit
References
Related Vulnerabilities
WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)
WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) SQL Injection (6.3)
WordPress Plugin iThemes Security (formerly Better WP Security) SQL Injection (7.0.2)
WordPress Plugin WP Athletics SQL Injection (1.1.7)
WordPress 4.1.x Possible SQL Injection Vulnerability (4.1 - 4.1.19)