Unrated severityNVD Advisory· Published Jan 8, 2021· Updated Aug 4, 2024
CVE-2020-35131
CVE-2020-35131
Description
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Cockpit/Cockpitdescription
Patches
Vulnerability mechanics
References
3- github.com/agentejo/cockpit/commits/next/lib/MongoLite/Database.phpmitrex_refsource_MISC
- github.com/agentejo/cockpit/releases/tag/0.6.1mitrex_refsource_MISC
- www.exploit-db.com/exploits/49390mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.