Home / exploits Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution
Posted on 21 April 2021
This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides a no disk write method which is more stealthy. Cockpit CMS versions 0.10.0 through 0.11.1, inclusive, contain all the necessary vulnerabilities for exploitation.