Description

The web application uses Cockpit CMS. This version of Cockpit CMS has several NoSQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.

Remediation

Upgrade to the latest version of Cockpit

References

From 0 to RCE: Cockpit CMS

Related Vulnerabilities

WordPress Plugin WP Statistics SQL Injection (13.0.7)

WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.101)

WordPress Plugin WordPress Video Player Multiple SQL Injection Vulnerabilities (1.5.16)

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more Multiple SQL Injection Vulnerabilities (5.2.5)

WordPress Plugin WP Private Messages SQL Injection (1.0.1)

Severity

High

Classification

CVE-2020-35847 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection