6 matches found
Cockpit CMS 0.11.1 - (Username Enumeration & Password Reset) NoSQL Injection Exploit
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json import re import...
Cockpit CMS 0.11.1 NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
Exploit for SQL Injection in Agentejo Cockpit
Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...
CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...
CVE-2020-35848
CVE-2020-35848 affects Agentejo Cockpit prior to 0.11.2, where the NoSQL injection vulnerability exists in the Auth controller’s newpassword path. The connected sources consistently describe exploitation via /auth/resetpassword and /auth/newpassword, enabling manipulation of database queries and ...