Agentejo Cockpit < 0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value. id: CVE-2020-35846 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critic...