漏洞描述
Cockpit 是一个自托管、灵活且用户友好的无头内容平台,用于创建自定义数字体验。Cockpit存在任意文件上传漏洞,通过弱口令登录后可以上传任意文件获取服务器权限。
Cockpit远程代码执行漏洞(CVE-2023-1313)
PoC代码
暂无相关漏洞推荐
- POCCVE-2020-14408: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
- POCCVE-2020-35131: Cockpit CMS 0.6.1 - Remote Code Execution
- POCCVE-2020-35846: Agentejo Cockpit < 0.11.2 - NoSQL Injection
- POCCVE-2020-35847: Agentejo Cockpit <0.11.2 - NoSQL Injection
- POCCVE-2020-35848: Agentejo Cockpit <0.12.0 - NoSQL Injection
- POCCVE-2023-4451: Cockpit - Cross-Site Scripting
- POCCVE-2025-1025: Cockpit < 2.4.1 - Arbitrary File Upload
- POCCVE-2020-14408: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
- POCCVE-2020-35131: Cockpit CMS 0.6.1 - Remote Code Execution
- POCCVE-2020-35846: Agentejo Cockpit < 0.11.2 - NoSQL Injection
- POCCVE-2020-35847: Agentejo Cockpit <0.11.2 - NoSQL Injection
- POCCVE-2020-35848: Agentejo Cockpit <0.12.0 - NoSQL Injection
- POCCVE-2023-4451: Cockpit - Cross-Site Scripting