Lucene search
K

11 matches found

Nuclei
Nuclei
added 18 hours ago49 views

Agentejo Cockpit <0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller. id: CVE-2020-35847 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critical description: | Agentejo Cockpit before 0.11.2 allows NoS...

9.8CVSS7AI score0.98294EPSS
Exploits8References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.8 views

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...

9.8CVSS7.1AI score0.98294EPSS
Exploits8
0day.today
0day.today
added 2021/08/10 12:0 a.m.148 views

Cockpit CMS 0.11.1 - (Username Enumeration & Password Reset) NoSQL Injection Exploit

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json import re import...

9.8CVSS0.5AI score0.98294EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/08/10 12:0 a.m.440 views

Cockpit CMS 0.11.1 - &#039;Username Enumeration &amp; Password Reset&#039; NoSQL Injection

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...

9.8CVSS9.6AI score0.98294EPSS
Exploits9
Packet Storm
Packet Storm
added 2021/08/10 12:0 a.m.576 views

Cockpit CMS 0.11.1 NoSQL Injection

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...

9.8CVSS9.6AI score0.98294EPSS
Exploits13
GithubExploit
GithubExploit
added 2021/08/06 9:19 a.m.258 views

Exploit for SQL Injection in Agentejo Cockpit

Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...

9.8CVSS9.7AI score0.98294EPSS
Exploits13
Metasploit
Metasploit
added 2021/04/21 5:42 p.m.179 views

Cockpit CMS NoSQLi to RCE

This module exploits two NoSQLi vulnerabilities to retrieve the user list, and password reset tokens from the system. Next, the USER is targetted to reset their password. Then a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it...

9.8CVSS10AI score0.98294EPSS
Exploits12
Circl
Circl
added 2020/12/30 7:30 a.m.40 views

CVE-2020-35847

creationtimestamp| type| source ---|---|--- 2020-12-30 07:30:07+00:00| seen| https://t.me/cibsecurity/21420 2021-04-21 12:28:51+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cockpitcmsrce.rb 2024-10-14 21:58:51+00:00| published-proof-of-concep...

9.8CVSS7.3AI score0.98294EPSS
Exploits8References5
OSV
OSV
added 2020/12/30 1:15 a.m.45 views

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...

9.8CVSS7.4AI score
Exploits0References6
CVE
CVE
added 2020/12/30 12:38 a.m.179 views

CVE-2020-35847

CVE-2020-35847 affects Agentejo Cockpit (Cockpit CMS) versions before 0.11.2. The NoSQL injection occurs in Controller/Auth.php resetpassword (and related endpoints) allowing manipulation of NoSQL queries, which can enable user enumeration and extraction of password reset tokens, potentially enab...

9.8CVSS9.4AI score0.98294EPSS
Exploits8References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/12/30 12:0 a.m.51 views

CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Recent assessments: h00die at May 31, 2021 12:11pm UTC reported: Similar to CVE-2020-35846, this is a noSQL injection using the vardump function to dump all memory for the password reset...

9.8CVSS1.8AI score0.98294EPSS
Exploits12References7
Rows per page
Query Builder