HomePentest-Tools.com Logo

Agentejo Cockpit <0.12.0 - NoSQL Injection CVE-2020-35848

Severity
CVSSv3 Score
9.8
Vulnerability description

Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.

Risk description

No risk description to display.

Recommendation

Upgrade Agentejo Cockpit to version 0.12.0 or later to mitigate this vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Dec 30, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available