Product
Cockpit CMS is vulnerable to authenticated remote code execution via PHP code injection in the /cockpit/collections/save_collection endpoint, enabling attackers with collection management privileges to execute arbitrary commands on the server.