Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/03/18 2:58 a.m.4 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 2:58 a.m.28 views

CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS0.00397EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 2:58 a.m.46 views

CVE-2026-31891

CVE-2026-31891 affects Cockpit CMS 2.13.4 and earlier with API access enabled. A SQL injection in the MongoLite Aggregation Optimizer allows an attacker with a valid read-only API key to inject arbitrary SQL via unsanitized field names in aggregation queries (toJsonExtractRaw()), bypassing the pu...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/17 5:7 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the toJsonExtractRaw function in the MongoLite Aggregation Optimizer. An attacker can extract unauthorized data from the underlying database by injecting arbitrary SQL through unsanitized field names in aggregation...

7.7CVSS6AI score0.00397EPSS
Exploits0References2
OSV
OSV
added 2026/03/17 5:7 p.m.2 views

GHSA-7X5C-VFHJ-9628 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...

7.7CVSS6AI score0.00397EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/17 5:7 p.m.6 views

Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()

Impact This is a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected. Who is impacted: - Any deployment where the /api/content/aggregate/model endpoint is publicly accessible...

7.7CVSS6AI score0.00397EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder