Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847)

Description

The web application uses Cockpit CMS. This version of Cockpit CMS has several NoSQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.

Remediation

Upgrade to the latest version of Cockpit

References

From 0 to RCE: Cockpit CMS

Related Vulnerabilities

WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.1)

WordPress Plugin Better Search SQL Injection (2.2.2)

WordPress Plugin WPJobBoard SQL Injection (5.6.4)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.148)

WordPress Plugin Tune Library SQL Injection (1.5.4)

Severity

High

Classification

CVE-2020-35847 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N