CVE-2020-35846 Scanner
Detects 'SQL Injection (SQLi)' vulnerability in Agentejo Cockpit affects v. before 0.11.2.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
29 days
Scan only one
URL
Toolbox
-
Agentejo Cockpit is a CMS (Content Management System) that provides users with a simple and intuitive interface to manage website content. The platform offers a variety of features, including a user-friendly dashboard, multi-language support, and customizable modules. It is used by web developers and designers to create and manage websites for various industries, including e-commerce, media, and education. The platform was designed to simplify the process of website creation and management, allowing users to save time and effort.
CVE-2020-35846 is a vulnerability detected in Agentejo Cockpit version 0.11.2 and earlier. This vulnerability allows for NoSQL injection via the Controller/Auth.php check function. NoSQL injection is a type of attack that allows an attacker to modify data in an unsecured NoSQL database. In the case of Agentejo Cockpit, an attacker could exploit this vulnerability to access or modify sensitive data, such as user login credentials, website content, and customer information.
When exploited, the CVE-2020-35846 vulnerability can have serious consequences for website owners and their customers. Attackers could potentially steal sensitive information, such as credit card numbers, personal identification, or intellectual property. Additionally, cybercriminals could use this vulnerability as a pathway to launch further attacks, such as ransomware or denial of service.
In conclusion, those who are concerned about vulnerabilities in their digital assets can rest easy knowing that the s4e.io platform offers a range of pro features that can quickly identify and prioritize potential risks. By staying informed and taking appropriate precautions, users can protect themselves and their customers from cyber threats.
REFERENCES
