Create Cockpit_assetsmanager_upload_file_upload_vulnerability_(CVE-2023-1313).md

2025-05-05 10:16:59 +00:00 · 2023-09-29 10:42:37 +08:00 · 2023-09-29 10:42:37 +08:00 · b64379e617
commit b64379e617
parent b0d1c49cea
1 changed files with 12 additions and 0 deletions
--- a/Cockpit_assetsmanager_upload_file_upload_vulnerability_(CVE-2023-1313).md
+++ b/Cockpit_assetsmanager_upload_file_upload_vulnerability_(CVE-2023-1313).md
@ -0,0 +1,12 @@
+## Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313)
+
+|   **Vulnerability**  | 	Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313)  |
+| :----:   | :-----|
+|  **Chinese name**  | 	Cockpit assetsmanager/upload 文件上传漏洞（CVE-2023-1313） |
+| **CVSS core**  | 	7.2 |
+| **FOFA Query**  (click to view the results directly)| [title="Authenticate Please!" \|\| body="password:this.refs.password.value"  \|\| body="UIkit.components.formPassword.prototype.defaults.lblShow"  \|\| body="App.request('/auth/check'"]([https://en.fofa.info/result?qbase64=dGl0bGU9IlJldml2ZSBBZHNlcnZlciIgfHwgYm9keT0ic3RyUGFzc3dvcmRNaW5MZW5ndGgiIHx8IGJvZHk9IldlbGNvbWUgdG8gUmV2aXZlIEFkc2VydmVyIg%3D%3D](https://en.fofa.info/result?qbase64=dGl0bGU9IkF1dGhlbnRpY2F0ZSBQbGVhc2UhIiB8fCBib2R5PSJwYXNzd29yZDp0aGlzLnJlZnMucGFzc3dvcmQudmFsdWUiIHx8IGJvZHk9IlVJa2l0LmNvbXBvbmVudHMuZm9ybVBhc3N3b3JkLnByb3RvdHlwZS5kZWZhdWx0cy5sYmxTaG93IiB8fCBib2R5PSJBcHAucmVxdWVzdCgnL2F1dGgvY2hlY2snIg%3D%3D))|
+| **Number of assets affected**  | 	3185 |
+| **Description**  | 	Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences.Cockpit has a file upload vulnerability, which allows attackers to upload arbitrary files, leading to server control, etc. |
+| **Impact** | 	Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
+
+![](https://s3.bmp.ovh/imgs/2023/09/29/7fa28d36837b1e06.gif)