Vulnerability
CVE-2020-35846 is a vulnerability discovered in Cockpit CMS, an open-source content management system, that allows NoSQL injection attacks via the Controller/Auth.php check function. In some configurations, the vulnerabilities could allow an unauthenticated remote attacker to execute code on a cockpit server, especially those running MongoLite.
Mitigation / Precaution
In order to patch this vulnerability, please install the official patch made by the vendor available for supported, vulnerable instances.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
