This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Agentejo Cockpit CMS suffers from a **NoSQL Injection** flaw in the `Auth.php` controller's check function.β¦
π¦ **Affected**: **Agentejo Cockpit CMS**. <br>π **Versions**: All versions **prior to 0.11.2** (e.g., 0.11.1 and earlier). <br>π **Context**: A German-based CMS for managing structured website content.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Attacker Actions**: <br>1. **Leak Usernames**: Dump all user accounts via NoSQL injection. <br>2. **Bypass Auth**: Log in without valid credentials. <br>3.β¦
β οΈ **Threshold**: **Low to Medium**. <br>π **Auth**: The vulnerability exists in the authentication check function (`Auth.php`), meaning it can often be triggered during login attempts or API calls without prior authentiβ¦
π£ **Public Exploits**: **YES**. <br>π **PoCs Available**: <br>- Python script by John Hammond to leak usernames. <br>- Full exploit by `0z09e` demonstrating NoSQL Injection to RCE.β¦
π **Self-Check**: <br>1. **Scan**: Use Nuclei templates (`CVE-2020-35846.yaml`) to detect the vulnerability. <br>2. **Verify**: Check your Cockpit version in the admin panel. If it is `< 0.11.2`, you are vulnerable.β¦
β **Official Fix**: **YES**. <br>π§ **Patch**: Released in **Cockpit 0.11.2**. <br>π **Commit**: Fixed via commits `33e7199` and `79fc963` by Agentejo. <br>π **Action**: Upgrade immediately to 0.11.2 or later.
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: <br>1. **Update ASAP**: The only true fix is upgrading. <br>2. **WAF**: Deploy a Web Application Firewall to block NoSQL injection patterns (e.g., `$eq`, `$ne`). <br>3.β¦
π₯ **Urgency**: **CRITICAL**. <br>π **Priority**: **P1 - Immediate Action Required**. <br>π‘ **Reason**: Public exploits exist, RCE is possible, and it affects authentication. Do not wait!β¦