Cockpit CMS CSRF / XSS / Path Traversal

1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "../" to traverse to other folders via requests to /cockpit/media/api Example of a vulnerable request: POST /cockpit/media/api HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 Windows NT 10....

Cockpit CMS CSRF / XSS / Path Traversal Vulnerabilities

Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities. Version 0.6.2 should address these issues. 1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "../" to traverse to other folders via reques...