Vulnerability: Agentejo Cockpit <0.12.0 - NoSQL Injection

Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.

Impact

Successful exploitation of this vulnerability could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data leakage, or data corruption.

Severity

Critical

Verified

Unknown