CVE-2020-35131

Name of the Vulnerable Software and Affected Versions: Cockpit versions prior to 0.6.1

Description: The issue allows an attacker to inject custom PHP code and achieve Remote Command Execution via the registerCriteriaFunction in lib/MongoLite/Database.php. This can be demonstrated by sending values in JSON data to the "/auth/check" or "/auth/requestreset" API endpoints.

Recommendations: For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the registerCriteriaFunction in lib/MongoLite/Database.php to minimize the risk of exploitation. Avoid using the vulnerable API endpoints "/auth/check" and "/auth/requestreset" until the issue is resolved.