3 matches found
Cockpit CMS 0.6.1 - Remote Code Execution
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. id: CVE-2020-35131 info: name: Cockpit CMS 0.6.1 ...
CVE-2020-35131
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI...
CVE-2020-35131
Affected software: Cockpit CMS pre-0.6.1. The vulnerability is a code execution flaw caused by insecure handling of registerCriteriaFunction in lib/MongoLite/Database.php, enabling an attacker to inject PHP through crafted JSON values to /auth/check or /auth/requestreset. Impact is remote, unauth...