CVE-2020-35848: CVE-2020-35848

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-35848

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Agentejo Cockpit SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Agentejo Cockpit是德国Agentejo公司的一款用于管理网站结构化内容的管理系统。 Agentejo Cockpit 0.11.2之前版本存在SQL注入漏洞，该漏洞允许通过控制器Auth.php newpassword函数注入NoSQL。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-35848

#	POC Description	Source Link	Shenlong Link
1	Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35848.yaml	POC Details
2	CVE-2020-35848 impacts Cockpit-CMS v1.7 due to unsafe handling of user inputs in authentication mechanisms, leading to remote code execution. This lab is built for CTF players and bug bounty learners to simulate real-world exploitation workflows including token extraction, password reset, and flag capture.	https://github.com/sabbu143s/CVE_2020_35848	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-35848

Please Login to view more intelligence information

https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59afx_refsource_MISC
http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.htmlx_refsource_MISC
https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466x_refsource_MISC
https://getcockpit.com/x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-35848

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-35848

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2020-35848

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-35848

III. Intelligence Information for CVE-2020-35848

IV. Related Vulnerabilities

V. Comments for CVE-2020-35848

Leave a comment