Home > Vulnerability Database > CVE-2020-35848

WhiteSource Vulnerability Database

New vulnerability? Tell us about it!

CVE-2020-35848

Good to know:

Date: December 29, 2020

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Language: PHP

Severity Score

9.8

Insights from the community

36 tweets

1122 retweets about this vulnerability

Vahagn Vardanian ⚡️

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Sunand

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Max Matteo S.

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Ethical Hacker

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

kmkz

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

whoami_sys

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

wvu

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

AgentZero

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

solov9ev

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Wawrzyniec Pruski

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Justry

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

The Optimist

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Juampa Rodríguez

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

303sec

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

e3xpl0it

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Timur Yunusov

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

ipssignatures

The vuln CVE-2020-35848 has a tweet created 0 days ago and retweeted 16 times. https://t.co/gVsIuF4xmf #Sgnm5sdwu2vwvu

https://t.co/gVsIuF4xmf

ipssignatures

I know no IPS that has a protection/signature/rule for the vulnerability CVE-2020-35848. The vuln was published 13… https://t.co/JWtH0obLum

https://t.co/JWtH0obLum

Quang Nguyen

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

rahul chadda 🇮🇳

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Mihawk C2D1

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Ansh

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

ザカリア

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

fox9ix

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Dmitriy

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Yaroslav Babin

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Sekurak

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

ghettorce

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

n1✴️

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

neketah

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Psych0tr1a

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Securityblog

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Egor Dimitrenko

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

numan türle

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

Aleksandr

RT @ptswarm: Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikit…

PT SWARM

Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our resea… https://t.co/8dsXroQxnN

https://t.co/8dsXroQxnN

Related Resources (5)

Url: https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af

Url: https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-35848

Url: https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1ef24b

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-35848

Severity Score

9.8

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version 0.11.2

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privilegs Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2020-35848

Good to know:

Date: December 29, 2020

Language: PHP

Severity Score

Insights from the community

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?