漏洞描述
API管理系统存在未授权访问,攻击者可利用该漏洞造成用户信息泄露
API管理系统存在未授权访问
PoC代码
暂无相关漏洞推荐
- docker-registry-api-unauth: docker registry api 未经批准
- wavlink-router-live-api-cgi-rce: WavLink Router Live API cgi RCE
- yapi-rce: Yapi RCE
- Docker Desktop Engine API 未授权访问漏洞
- WSO2 API Manager /carbon/generic/save_artifact_ajaxprocessor.jsp XML 外部实体注入漏洞(CVE-2020-24589)
- Richmail 邮件系统openapiservice 存在任意文件上传漏洞
- POC CVE-2019-18818: strapi CMS <3.0.0-beta.17.5 - Admin Password Reset
- POC CVE-2020-13945: Apache APISIX - Insufficiently Protected Credentials
- POC CVE-2020-24589: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
- POC CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery
- POC CVE-2021-21389: BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC CVE-2022-24112: Apache APISIX - Remote Code Execution