Enviar #792601: Cockpit-HQ Cockpit CMS 2.13.5 Injectioninformación

Título	Cockpit-HQ Cockpit CMS 2.13.5 Injection
Descripción	A critical vulnerability was discovered in Cockpit CMS v2.13.5. The application suffers from a NoSQL Injection (NoSQLi) vulnerability due to improper neutralization of special elements in data query logic (CWE-943). Specifically, the endpoints POST /assets/assets and /api/content/aggregate/{model} pass user-controlled JSON objects directly to the MongoDB driver without adequate sanitization of operators. An authenticated attacker with basic read permissions can leverage MongoDB operators such as $regex and $lookup to perform blind data exfiltration or execute cross-collection aggregation. This allows for full database exfiltration, including hashed administrative credentials, API tokens, and 2FA secrets.
Fuente	⚠️ https://github.com/NicolasPauferro/studiesofnosqli
Usuario	Nicolas Pauferro (UID 96903)
Sumisión	2026-03-30 02:58 (hace 22 días)
Moderación	2026-04-19 18:43 (21 days later)
Estado	Aceptado
Entrada de VulDB	358261 [Cockpit-HQ Cockpit hasta 2.13.5 Asset Handler/Aggregate escalada de privilegios]
Puntos	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!