Vulnerability Description
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Agentejo | Cockpit | < 0.11.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.hExploitThird Party AdvisoryVDB Entry
- https://getcockpit.com/ProductVendor Advisory
- https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00cPatchVendor Advisory
- https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec5PatchVendor Advisory
- https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1efPatchVendor Advisory
- http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.hExploitThird Party AdvisoryVDB Entry
- https://getcockpit.com/ProductVendor Advisory
- https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00cPatchVendor Advisory
- https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec5PatchVendor Advisory
- https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1efPatchVendor Advisory
FAQ
What is CVE-2020-35848?
CVE-2020-35848 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
How severe is CVE-2020-35848?
CVE-2020-35848 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-35848?
Check the references section above for vendor advisories and patch information. Affected products include: Agentejo Cockpit.