Vulnerabilities > Agentejo

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-07-20 | CVE-2023-37650 | Cross-Site Request Forgery (CSRF) vulnerability in Agentejo Cockpit | A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. | network | low | agentejo | CWE-352 | 8.8 |
| 2023-03-10 | CVE-2023-1313 | Unrestricted Upload of File with Dangerous Type vulnerability in Agentejo Cockpit | Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. | network | low | agentejo | CWE-434 | 8.8 |
| 2023-03-03 | CVE-2023-1160 | Use of Platform-Dependent Third Party Components vulnerability in Agentejo Cockpit | Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. | local | low | agentejo | CWE-1103 | 5.5 |
| 2023-02-21 | CVE-2021-32857 | Cross-site Scripting vulnerability in Agentejo Cockpit | Cockpit is a content management system that allows addition of content management functionality to any site. | network | low | agentejo | CWE-79 | 6.1 |
| 2023-02-11 | CVE-2023-0780 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Agentejo Cockpit | Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | network | low | agentejo | CWE-1021 | 5.4 |
| 2023-02-09 | CVE-2023-0759 | Privilege Chaining vulnerability in Agentejo Cockpit | Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. | network | low | agentejo | CWE-268 | 8.8 |
| 2022-08-15 | CVE-2022-2818 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Agentejo Cockpit | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. | network | low | agentejo | CWE-212 | 8.8 |
| 2022-08-08 | CVE-2022-2713 | Insufficient Session Expiration vulnerability in Agentejo Cockpit | Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. | network | low | agentejo | CWE-613 | 9.8 (critical) |
| 2021-01-08 | CVE-2020-35131 | Code Injection vulnerability in Agentejo Cockpit | Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. | network | low | agentejo | CWE-94 | 9.8 (critical) |
| 2020-12-30 | CVE-2020-35848 | SQL Injection vulnerability in Agentejo Cockpit | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | network | low | agentejo | CWE-89 | 9.8 (critical) |