Vulnerabilities > CVE-2023-4195 - PHP Remote File Inclusion vulnerability in Agentejo Cockpit

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
agentejo
CWE-98

Summary

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

Vulnerable Configurations

Part Description Count
Application
Agentejo
65

Common Attack Pattern Enumeration and Classification (CAPEC)

  • PHP Remote File Inclusion
    In this pattern the attacker is able to load and execute arbitrary code remotely available from the application. This is usually accomplished through an insecurely configured PHP runtime environment and an improperly sanitized "include" or "require" call, which the user can then control to point to any web-accessible file. This allows attackers to hijack the targeted application and force it to execute their own instructions.