Lucene search
K

6 matches found

Packet Storm
Packet Storm
added 2021/08/10 12:0 a.m.576 views

Cockpit CMS 0.11.1 NoSQL Injection

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...

9.8CVSS9.6AI score0.98294EPSS
Exploits13
0day.today
0day.today
added 2021/08/10 12:0 a.m.148 views

Cockpit CMS 0.11.1 - (Username Enumeration & Password Reset) NoSQL Injection Exploit

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json import re import...

9.8CVSS0.5AI score0.98294EPSS
Exploits13
Exploit DB
Exploit DB
added 2021/08/10 12:0 a.m.440 views

Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection

Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...

9.8CVSS9.6AI score0.98294EPSS
Exploits9
GithubExploit
GithubExploit
added 2021/08/06 9:19 a.m.258 views

Exploit for SQL Injection in Agentejo Cockpit

Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...

9.8CVSS9.7AI score0.98294EPSS
Exploits13
OSV
OSV
added 2020/12/30 1:15 a.m.31 views

CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...

9.8CVSS7.4AI score
Exploits0References5
CVE
CVE
added 2020/12/30 12:39 a.m.155 views

CVE-2020-35848

CVE-2020-35848 affects Agentejo Cockpit prior to 0.11.2, where the NoSQL injection vulnerability exists in the Auth controller’s newpassword path. The connected sources consistently describe exploitation via /auth/resetpassword and /auth/newpassword, enabling manipulation of database queries and ...

9.8CVSS9.5AI score0.74989EPSS
Exploits5References5Affected Software1
Rows per page
Query Builder