Description

The web application uses Cockpit CMS. This version of Cockpit CMS has several NoSQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.

Remediation

Upgrade to the latest version of Cockpit

References

From 0 to RCE: Cockpit CMS

Related Vulnerabilities

Hibernate Query Language (HQL) Injection

WordPress Plugin Events SQL Injection (2.3.4)

WordPress Plugin Photoracer Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll SQL Injection (1.1.91)

Severity

High

Classification

CVE-2020-35847 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection