GHSA-f6g9-3r3j-32rgHighCVSS 7.5
Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability...
🔗 CVE IDs covered (1)
📋 Description
Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. Attackers can inject dot-dot sequences into the URL to traverse outside the designated spaces directory, and when the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-58467
- https://github.com/cockpit-project/cockpit/releases/tag/364
- https://github.com/geo-chen/oss/blob/main/cockpit.md
- https://www.vulncheck.com/advisories/cockpit-cms-364-path-traversal-local-file-inclusion-via-index-php
- https://github.com/advisories/GHSA-f6g9-3r3j-32rg