Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Agentejo Security Vulnerabilities

cve
cve

CVE-2024-4825

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire...

9.8CVSS

7.2AI Score

0.0004EPSS

2024-05-14 03:45 PM
22
cve
cve

CVE-2023-41564

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml...

6.1CVSS

6.6AI Score

0.001EPSS

2023-09-08 11:15 PM
24
cve
cve

CVE-2023-37650

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator...

8.8CVSS

9AI Score

0.001EPSS

2023-07-20 08:15 PM
23
cve
cve

CVE-2023-37649

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive...

7.5CVSS

7.4AI Score

0.001EPSS

2023-07-20 08:15 PM
125
cve
cve

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset...

9.8CVSS

9.7AI Score

0.734EPSS

2021-01-08 05:15 PM
28
2
cve
cve

CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword...

9.8CVSS

9.6AI Score

0.786EPSS

2020-12-30 01:15 AM
108
7
cve
cve

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword...

9.8CVSS

9.5AI Score

0.791EPSS

2020-12-30 01:15 AM
109
12
cve
cve

CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check...

9.8CVSS

9.4AI Score

0.813EPSS

2020-12-30 01:15 AM
107
9
cve
cve

CVE-2020-14408

An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack...

6.1CVSS

6.8AI Score

0.001EPSS

2020-06-17 08:15 PM
28
cve
cve

CVE-2018-15538

Agentejo Cockpit has multiple Cross-Site Scripting...

6.1CVSS

6.3AI Score

0.001EPSS

2018-10-15 07:29 PM
18
cve
cve

CVE-2018-15539

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords,...

8.8CVSS

6.7AI Score

0.001EPSS

2018-10-15 07:29 PM
18
cve
cve

CVE-2018-15540

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory...

9.8CVSS

6.8AI Score

0.006EPSS

2018-10-15 07:29 PM
29
cve
cve

CVE-2017-14611

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents...

9.1CVSS

9AI Score

0.007EPSS

2018-04-10 03:29 PM
36