CVE-2020-35847
Description
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
NVD
Severity: CRITICAL
CVE ID: CVE-2020-35847
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2020-35847
Refrence: Project Discovery GitHub
w33vils
CVE-2020-35847, CVE-2020-35848 : Account Takeover
Refrence: GitHub