CVE-2020-35131 Scanner
CVE-2020-35131 Scanner - Remote Code Execution vulnerability in Cockpit CMS
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 22 days 13 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Cockpit CMS is an open-source content management system used by developers and organizations to manage and structure digital content. Its flexible structure and ease of use make it popular among developers building dynamic websites and applications. It can be deployed on various platforms and is commonly used in environments where custom PHP development is necessary, often to manage content across multiple platforms from one place.
The Remote Code Execution vulnerability in Cockpit CMS could allow attackers to execute arbitrary code on the server hosting the CMS. It arises from improper handling of input, which permits PHP code injection through specific endpoints within the software. By exploiting it, attackers can potentially take full control of the CMS and the underlying server. The vulnerability is particularly concerning because it requires no authentication to exploit, so remote attackers could cause significant harm. RCE vulnerabilities of this kind are often regarded as high-risk.
The vulnerability resides in the function registerCriteriaFunction in the lib/MongoLite/Database.php file of Cockpit CMS. It allows an attacker to inject PHP code via JSON data submitted to the /auth/check or /auth/requestreset endpoints. These endpoints are typically used for authentication purposes, yet because their input is not properly sanitized, they can be exploited for code execution. This highlights the need for robust sanitization checks on user input to prevent malicious code execution.
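One way to triage captured requests to the two endpoints named above, as an added example that is not part of the scanner or of Cockpit CMS. It assumes that injected query criteria show up as operator-style object keys (names beginning with `$`, the MongoDB query convention) where plain strings are expected; the field names and sample records are constructed.

```python
import json
from urllib.parse import urlsplit

# Endpoints named in the vulnerability description above.
AUTH_ENDPOINTS = ("/auth/check", "/auth/requestreset")

def operator_keys(value, path=""):
    """Return the dotted path of every object key that starts with '$'."""
    found = []
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else key
            if key.startswith("$"):
                found.append(here)
            found.extend(operator_keys(child, here))
    elif isinstance(value, list):
        for i, child in enumerate(value):
            found.extend(operator_keys(child, f"{path}[{i}]"))
    return found

def review_request(method, url, body):
    """Classify one captured request as ignore, ok, malformed or suspicious."""
    # endswith() also matches installs under a subdirectory such as /cockpit/.
    path = urlsplit(url).path.rstrip("/")
    if method.upper() != "POST" or not path.endswith(AUTH_ENDPOINTS):
        return "ignore", []
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return "malformed", []
    hits = operator_keys(data)
    return ("suspicious", hits) if hits else ("ok", [])

# Constructed sample records (method, URL, raw body); not real traffic.
SAMPLES = [
    ("POST", "/auth/check", '{"auth": {"user": "alice", "password": "pw"}}'),
    ("POST", "/auth/check?x=1", '{"auth": {"user": {"$eq": "alice"}, "password": "pw"}}'),
    ("POST", "/auth/requestreset/", '{"user": [{"$in": ["alice"]}]}'),
    ("POST", "/auth/requestreset", "not json"),
    ("GET", "/auth/check", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, review_request(method, url, body))
```

Requests flagged as suspicious or malformed on an unpatched instance are the ones to review first.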
When exploited, this vulnerability can lead to severe outcomes such as unauthorized access, data leaks, disruption of service, and complete system compromise. Attackers can deploy malware, modify existing content, or shut down services, affecting the CMS's availability. A successful exploit may result in reputational damage for affected organizations, data loss, and potentially costly downtime. Immediate patching and applying security best practices can mitigate these risks.