GobyVuls/Cockpit_assetsmanager_upload_file_upload_vulnerability_(CVE-2023-1313).md


Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313)

| Vulnerability | Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313) |
| :--- | :--- |
| Chinese name | Cockpit assetsmanager/upload file upload vulnerability CVE-2023-1313 |
| CVSS score | 7.2 |
| FOFA Query | `title="Authenticate Please!" \|\| body="password:this.refs.password.value" \|\| body="UIkit.components.formPassword.prototype.defaults.lblShow" \|\| body="App.request('/auth/check'"` |
| Number of assets affected | 3185 |
| Description | Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences. Cockpit has a file upload vulnerability that allows attackers to upload arbitrary files, leading to server control, etc. |
| Impact | Attackers can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |