CVE-2020-35848

Severity: CRITICAL · Nuclei template available

Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller New Password Function


Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-35848. PoCs published by Brian Ombongi, sabbu143s. A Nuclei detection template is also available.


Description

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Exploits (2)

Exploit-DB · Working PoC
by Brian Ombongi · tags: python, webapps, multiple
https://www.exploit-db.com/exploits/50185

This exploit demonstrates NoSQL injection in Cockpit CMS 0.11.1 to enumerate users, extract password reset tokens, and reset passwords. It leverages the `$func` operator to dump sensitive data via `var_dump`.

Classification: Working PoC (95% confidence)
Attack Type: Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Cockpit CMS 0.11.1
Authentication: none required
Prerequisites: Target URL · Network access to the application
Analysis: devstral-2 · analyzed Feb 16, 2026
nomisec · Working PoC
by sabbu143s · tags: poc
https://github.com/sabbu143s/CVE_2020_35848

This repository contains a functional exploit for CVE-2020-35848, demonstrating a NoSQL injection vulnerability in Agentejo Cockpit CMS < 0.11.2. The exploit automates username enumeration, token extraction, password reset, and admin login to achieve remote code execution via admin-accessible endpoints.

Classification: Working PoC (95% confidence)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Agentejo Cockpit CMS < 0.11.2
Authentication: none required
Prerequisites: Dockerized vulnerable instance of Cockpit CMS v0.11.1 · Network access to the target
Analysis: devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Agentejo Cockpit < 0.12.0 - NoSQL Injection
Severity: CRITICAL · by dwisiswant0
Shodan: http.favicon.hash:688609340 || http.html:"cockpit"
FOFA: icon_hash=688609340 || body="cockpit"

References (5)

Core References
- Product, Vendor Advisory (x_refsource_misc): https://getcockpit.com/
- Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/163762/Cockpit-CMS-0.11.1-NoSQL-Injection.html

Scores

CVSS v3: 9.8
EPSS: 0.7499
EPSS Percentile: 99.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): agentejo/cockpit < 0.11.2
Published: Dec 30, 2020
Tracked Since: Feb 18, 2026