CVE-2020-35847 Scanner

Agentejo Cockpit is a web-based Content Management System (CMS) that enables website owners to manage their web content efficiently. This CMS is designed to simplify the website management process and provide website owners with a user-friendly interface to create, edit, and manage their web pages easily. Agentejo Cockpit is used by many businesses to manage their websites, and it has become increasingly popular in recent years.

Recently, a severe vulnerability was detected in Agentejo Cockpit, namely CVE-2020-35847. This vulnerability is a NoSQL injection that occurs in the Controller/Auth.php resetpassword function. Essentially, an attacker can exploit this vulnerability by injecting malicious code into the authentication process, leading to unauthorized access to the system.

The CVE-2020-35847 vulnerability can be very dangerous when exploited. It can allow attackers to gain access to sensitive information, such as passwords, users' email addresses, and other personal information. Hackers can use this information to launch further attacks on the system, leading to significant data breaches, financial loss, and client loss.

Thanks to the pro features of the s4e.io platform, it is now possible to learn about vulnerabilities in your digital assets easily and quickly. With this platform, you can scan your website for any vulnerabilities and receive instant alerts if any are detected. You can also evaluate your website’s security posture and receive recommended actions to mitigate any identified risks. By using this platform, you can rest assured that your website is secure and protected from attacks.

REFERENCES

• https://getcockpit.com/
• https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466
• https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af
• https://github.com/agentejo/cockpit/commit/79fc9631ffa29146e3124ceaf99879b92e1ef24b