23 matches found
CVE-2026-38992
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the filter parameter in multiple endpoints, leveraging the MongoLite $func operator. An attacker can execute arbitrary system commands by supplying crafted input to the affected endpoints. Remediation Upgrad...
GHSA-FM6C-RHCF-7439 Cockpit is vulnerable to arbitrary code execution
Cockpit versions 2.13.5 and earlier are vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
Cockpit is vulnerable to arbitrary code execution
Cockpit versions 2.13.5 and earlier are vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
CVE-2026-38992
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
CVE-2026-38992
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
CVE-2026-38992
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
CVE-2026-38992
CVE-2026-38992 affects Cockpit up to v2.13.5. The vulnerability exists in the filter parameter used across multiple endpoints, enabling arbitrary code execution via the MongoLite $func operator and allowing an attacker to run system commands on the underlying infrastructure. Affected component: C...
CVE-2026-38992
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
EUVD-2026-26232
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator...
Cockpit < 2.13.5 SQLi (GHSA-7x5c-vfhj-9628)
The version of Cockpit CMS running on the remote web server is prior to 2.13.5. It is, therefore, affected by a SQL injection vulnerability in the MongoLite Aggregation Optimizer. - An unsanitized field name in the toJsonExtractRaw method in lib/MongoLite/Aggregation/Optimizer.php allows an...
UBUNTU-CVE-2026-31891
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
CVE-2026-31891
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
CVE-2026-31891
CVE-2026-31891 affects Cockpit CMS 2.13.4 and earlier with API access enabled. A SQL injection in the MongoLite Aggregation Optimizer allows an attacker with a valid read-only API key to inject arbitrary SQL via unsanitized field names in aggregation queries (toJsonExtractRaw()), bypassing the pu...
Cockpit SQL注入漏洞
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.4 and earlier had a SQL injection vulnerability. This vulnerability originated from the SQL injection vulnerability present in the MongoLite aggregate optimizer, which could allow...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the toJsonExtractRaw function in the MongoLite Aggregation Optimizer. An attacker can extract unauthorized data from the underlying database by injecting arbitrary SQL through unsanitized field names in aggregation...
GHSA-7X5C-VFHJ-9628 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...
Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...