Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Cockpit CMS by agentejo
CVE-2026-13533 (GCVE-0-2026-13533)
Vulnerability from nvd – Published: 2026-06-29 04:00 – Updated: 2026-06-29 14:52
VLAI
EPSS
VEX
Title
agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access
Summary
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/374541 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/374541/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-13533 | third-party-advisory |
| https://vuldb.com/submit/841343 | third-party-advisory |
| https://gist.github.com/nov-1337/3eb0a06c602ced9c… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| agentejo | Cockpit CMS |
Affected:
0.12.0
Affected: 0.12.1 Affected: 0.12.2 cpe:2.3:a:agentejo:cockpit_cms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13533",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T13:36:36.412082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T14:52:49.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:agentejo:cockpit_cms:*:*:*:*:*:*:*:*"
],
"modules": [
"htaccess Handler"
],
"product": "Cockpit CMS",
"vendor": "agentejo",
"versions": [
{
"status": "affected",
"version": "0.12.0"
},
{
"status": "affected",
"version": "0.12.1"
},
{
"status": "affected",
"version": "0.12.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nov_ (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T04:00:07.810Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-374541 | agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/374541"
},
{
"name": "VDB-374541 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/374541/cti"
},
{
"name": "CVE-2026-13533 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-13533"
},
{
"name": "Submit #841343 | Agentejo Cockpit CMS 0.12.2 CWE-552: Files or Directories Accessible to External Parties",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/841343"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/nov-1337/3eb0a06c602ced9c3b11b675b53947da"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-28T11:27:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-13533",
"datePublished": "2026-06-29T04:00:07.810Z",
"dateReserved": "2026-06-28T09:22:22.699Z",
"dateUpdated": "2026-06-29T14:52:49.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4825 (GCVE-0-2024-4825)
Vulnerability from nvd – Published: 2024-05-13 11:23 – Updated: 2024-08-01 20:55
VLAI
EPSS
VEX
Title
Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo
Summary
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Agentejo | Cockpit CMS |
Affected:
0.5.5
|
|
| agentejo | cockpit |
Affected:
0.5.5
cpe:2.3:a:agentejo:cockpit:0.5.5:*:*:*:*:*:*:* |
Date Public
2024-05-13 11:14
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:agentejo:cockpit:0.5.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "agentejo",
"versions": [
{
"status": "affected",
"version": "0.5.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T16:04:16.036250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T16:05:02.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cockpit CMS",
"vendor": "Agentejo",
"versions": [
{
"status": "affected",
"version": "0.5.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-05-13T11:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in \u2018/media/api\u2019 parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure."
}
],
"value": "A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in \u2018/media/api\u2019 parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T11:23:20.416Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 2.7.0.\u003cbr\u003e"
}
],
"value": "Update to version 2.7.0.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4825",
"datePublished": "2024-05-13T11:23:20.416Z",
"dateReserved": "2024-05-13T08:15:39.916Z",
"dateUpdated": "2024-08-01T20:55:10.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-13533 (GCVE-0-2026-13533)
Vulnerability from cvelistv5 – Published: 2026-06-29 04:00 – Updated: 2026-06-29 14:52
VLAI
EPSS
VEX
Title
agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access
Summary
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/374541 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/374541/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-13533 | third-party-advisory |
| https://vuldb.com/submit/841343 | third-party-advisory |
| https://gist.github.com/nov-1337/3eb0a06c602ced9c… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| agentejo | Cockpit CMS |
Affected:
0.12.0
Affected: 0.12.1 Affected: 0.12.2 cpe:2.3:a:agentejo:cockpit_cms:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13533",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T13:36:36.412082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T14:52:49.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:agentejo:cockpit_cms:*:*:*:*:*:*:*:*"
],
"modules": [
"htaccess Handler"
],
"product": "Cockpit CMS",
"vendor": "agentejo",
"versions": [
{
"status": "affected",
"version": "0.12.0"
},
{
"status": "affected",
"version": "0.12.1"
},
{
"status": "affected",
"version": "0.12.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nov_ (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or Directories Accessible",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct Request",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T04:00:07.810Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-374541 | agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/374541"
},
{
"name": "VDB-374541 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/374541/cti"
},
{
"name": "CVE-2026-13533 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-13533"
},
{
"name": "Submit #841343 | Agentejo Cockpit CMS 0.12.2 CWE-552: Files or Directories Accessible to External Parties",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/841343"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/nov-1337/3eb0a06c602ced9c3b11b675b53947da"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-28T11:27:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-13533",
"datePublished": "2026-06-29T04:00:07.810Z",
"dateReserved": "2026-06-28T09:22:22.699Z",
"dateUpdated": "2026-06-29T14:52:49.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4825 (GCVE-0-2024-4825)
Vulnerability from cvelistv5 – Published: 2024-05-13 11:23 – Updated: 2024-08-01 20:55
VLAI
EPSS
VEX
Title
Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo
Summary
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Agentejo | Cockpit CMS |
Affected:
0.5.5
|
|
| agentejo | cockpit |
Affected:
0.5.5
cpe:2.3:a:agentejo:cockpit:0.5.5:*:*:*:*:*:*:* |
Date Public
2024-05-13 11:14
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:agentejo:cockpit:0.5.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit",
"vendor": "agentejo",
"versions": [
{
"status": "affected",
"version": "0.5.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T16:04:16.036250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T16:05:02.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cockpit CMS",
"vendor": "Agentejo",
"versions": [
{
"status": "affected",
"version": "0.5.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-05-13T11:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in \u2018/media/api\u2019 parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure."
}
],
"value": "A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in \u2018/media/api\u2019 parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T11:23:20.416Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 2.7.0.\u003cbr\u003e"
}
],
"value": "Update to version 2.7.0.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4825",
"datePublished": "2024-05-13T11:23:20.416Z",
"dateReserved": "2024-05-13T08:15:39.916Z",
"dateUpdated": "2024-08-01T20:55:10.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}