Vulnerabilities > Agentejo > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-06 CVE-2023-4195 PHP Remote File Inclusion vulnerability in Agentejo Cockpit
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
network
low complexity
agentejo CWE-98
8.8
8.8
2023-07-20 CVE-2023-37649 Unspecified vulnerability in Agentejo Cockpit
Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data.
network
low complexity
agentejo
7.5
7.5
2023-07-20 CVE-2023-37650 Cross-Site Request Forgery (CSRF) vulnerability in Agentejo Cockpit
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.
network
low complexity
agentejo CWE-352
8.8
8.8
2023-03-10 CVE-2023-1313 Unrestricted Upload of File with Dangerous Type vulnerability in Agentejo Cockpit
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.
network
low complexity
agentejo CWE-434
8.8
8.8
2023-02-09 CVE-2023-0759 Privilege Chaining vulnerability in Agentejo Cockpit
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.
network
low complexity
agentejo CWE-268
8.8
8.8
2022-08-15 CVE-2022-2818 Improper Cross-boundary Removal of Sensitive Data vulnerability in Agentejo Cockpit
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.
network
low complexity
agentejo CWE-212
8.8
8.8
2021-01-08 CVE-2020-35131 Code Injection vulnerability in Agentejo Cockpit
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
network
low complexity
agentejo CWE-94
7.5
7.5
2020-12-30 CVE-2020-35848 SQL Injection vulnerability in Agentejo Cockpit
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
network
low complexity
agentejo CWE-89
7.5
7.5
2020-12-30 CVE-2020-35847 SQL Injection vulnerability in Agentejo Cockpit
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
network
low complexity
agentejo CWE-89
7.5
7.5
2020-12-30 CVE-2020-35846 SQL Injection vulnerability in Agentejo Cockpit
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
network
low complexity
agentejo CWE-89
7.5
7.5