CVE-2018-9302

CRITICAL

Cockpit 0.4.4-0.5.5 - Server-Side Request Forgery via URL Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9302. PoC published by Qian Wu, Bo Wang and Jiawang Zhang.

AI-analyzed exploit summary: a writeup describing an SSRF vulnerability in Cockpit CMS versions 0.4.4 through 0.5.5. The `url` parameter of `/assets/lib/fuc.js.php` is used to make the server issue requests to arbitrary internal or external resources, bypassing the earlier fix for CVE-2017-14611.

Description

SSRF (Server-Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which affected version 0.13.0; despite the numbering, 0.13.0 is an earlier release than 0.4.4.
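The bypass behind this CVE, an attacker-hosted redirect.php that bounces the server's request on to a file:// URL or an intranet host, is the classic failure mode of an SSRF filter that checks only the URL the client supplied and then lets the HTTP library follow redirects on its own. The Python below is an added example, not Cockpit's code and not the writeup's PoC. It rejects non-HTTP(S) schemes and any host that resolves to a non-public address, and it follows redirects by hand so that the same check runs on every hop. The host names, addresses and HTTP responses are constructed for offline use, and `fetch_one` stands in for a real HTTP client.

```python
import ipaddress
import socket
from typing import Callable
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5


class UnsafeTarget(ValueError):
    """Raised when a URL, or one of its redirect hops, points somewhere the server must not fetch."""


def system_resolver(host: str) -> list[str]:
    # Every address the host maps to (A and AAAA); one harmless record does not make the host safe.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url(url: str, resolver: Callable[[str], list[str]] = system_resolver) -> list[str]:
    """Reject non-HTTP(S) schemes and hosts that resolve to any non-public address."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeTarget(f"scheme not allowed: {parts.scheme!r}")  # file://, gopher://, dict:// ...
    if parts.username or parts.password or not parts.hostname:
        raise UnsafeTarget("missing host or credentials embedded in URL")
    addrs = resolver(parts.hostname)
    if not addrs:
        raise UnsafeTarget(f"unresolvable host {parts.hostname!r}")
    for addr in addrs:
        # is_global is False for loopback, RFC 1918, link-local (cloud metadata), CGNAT and reserved space.
        if not ipaddress.ip_address(addr).is_global:
            raise UnsafeTarget(f"{parts.hostname!r} resolves to non-public {addr}")
    return addrs


def fetch_checked(url, fetch_one, resolver=system_resolver, max_redirects=MAX_REDIRECTS):
    """Follow redirects by hand so check_url runs on every hop, not just the URL the client sent."""
    hops = []
    current = url
    for _ in range(max_redirects + 1):
        check_url(current, resolver)
        hops.append(current)
        status, headers, body = fetch_one(current)
        location = headers.get("location")
        if status in (301, 302, 303, 307, 308) and location:
            current = urljoin(current, location)  # a hop to file:// or an intranet host fails the next check
            continue
        return status, body, hops
    raise UnsafeTarget("too many redirects")


# Constructed offline stand-ins; none of this is real infrastructure or Cockpit code.
FAKE_DNS = {
    # Python's ipaddress marks the RFC 5737 documentation ranges non-global, so the
    # constructed "public" hosts map to ordinary public addresses instead.
    "cms.example.com": ["93.184.216.34"],
    "attacker.example.net": ["151.101.1.69"],
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # IP literal: nothing to look up
    except ValueError:
        return FAKE_DNS.get(host, [])


# The attacker-hosted redirector forwards the server's request to internal or file:// targets.
FAKE_HTTP = {
    "http://attacker.example.net/redirect.php?to=file": (302, {"location": "file:///etc/passwd"}, b""),
    "http://attacker.example.net/redirect.php?to=intranet": (302, {"location": "http://127.0.0.1:8080/admin"}, b""),
    "http://attacker.example.net/redirect.php?to=meta": (302, {"location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://cms.example.com/assets/app.js": (200, {}, b"// public asset"),
}


def fake_fetch(url):
    return FAKE_HTTP.get(url, (404, {}, b""))


def run_cases() -> dict[str, str]:
    """Feed candidate values of the 'url' parameter through the hardened fetcher and report each outcome."""
    cases = {
        "public asset": "http://cms.example.com/assets/app.js",
        "direct file scheme": "file:///etc/passwd",
        "direct intranet host": "http://10.0.0.5/",
        "localhost by name": "http://localhost/",
        "redirect to file": "http://attacker.example.net/redirect.php?to=file",
        "redirect to intranet": "http://attacker.example.net/redirect.php?to=intranet",
        "redirect to cloud metadata": "http://attacker.example.net/redirect.php?to=meta",
    }
    results = {}
    for label, target in cases.items():
        try:
            status, body, hops = fetch_checked(target, fake_fetch, fake_resolver)
            results[label] = f"allowed {status} after {len(hops)} hop(s): {body.decode()}"
        except UnsafeTarget as exc:
            results[label] = f"blocked: {exc}"
    return results
```

Two caveats for a real deployment. The check resolves the name and then the HTTP client resolves it again, so connect to the address that was checked (or re-check at connect time) to close the DNS-rebinding window. And `is_global` is a coarse policy: if the application legitimately needs to reach some internal hosts, replace it with an explicit allow-list rather than loosening the deny rules.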

Exploits (1)

exploitdb WRITEUP
by Qian Wu, Bo Wang, Jiawang Zhang · text · webapps · php
https://www.exploit-db.com/exploits/44567

Classification
Writeup (90% confidence)
Attack Type
SSRF
Complexity
Trivial
Reliability
Reliable
Target: Cockpit CMS 0.4.4-0.5.5
No auth needed
Prerequisites: Access to the target's `/assets/lib/fuc.js.php` endpoint · Ability to host a malicious redirect.php file on an attacker-controlled server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2018/May/10
Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db)
https://www.exploit-db.com/exploits/44567/

Scores

CVSS v3 9.1
EPSS 0.1085
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-918
Status published
Products (1)
getcockpit/cockpit 0.4.4 - 0.5.5
Published May 02, 2018
Tracked Since Feb 18, 2026