Vulnerability: Agentejo Cockpit <0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary NoSQL queries, potentially leading to unauthorized access, data manipulation, or denial of service.

Severity

critical

Verified

Unknown