CVE-2023-1313

HIGH

Cockpit < 2.4.1 - Unrestricted Upload of File with Dangerous Type

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-1313. PoCs published by Acczdy.

AI-analyzed exploit summary This repository contains a functional Python-based exploit for CVE-2023-1313, an arbitrary file upload vulnerability in Cockpit CMS ≤2.4.1. The PoC includes authentication bypass, file upload, and command execution capabilities.

Description

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.

Exploits (1)

github WORKING POC

by Acczdy · pythonpoc

https://github.com/Acczdy/CVE-Vault/tree/master/CVE-2023-1313

View Code ZIP pw:eip

This repository contains a functional Python-based exploit for CVE-2023-1313, an arbitrary file upload vulnerability in Cockpit CMS ≤2.4.1. The PoC includes authentication bypass, file upload, and command execution capabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cockpit CMS ≤2.4.1

Auth required

Prerequisites: valid admin credentials · access to the Cockpit CMS admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 10, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/cockpit-hq/cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592

View Patch ZIP pw:eip

Exploit, Patch, Third Party Advisory

https://huntr.dev/bounties/f73eef49-004f-4b3b-9717-90525e65ba61

Scores

CVSS v3 8.8

EPSS 0.0048

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

agentejo/cockpit < 2.4.0

cockpit-hq/cockpit 0 - 2.4.1Packagist

Published Mar 10, 2023

Tracked Since Feb 18, 2026