漏洞描述
MCP Inspector小于版本0.14.1存在未授权访问漏洞,未经身份验证的攻击者能够通过标准输入输出启动MCP命令。
MCP Inspector小于版本0.14.1存在未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
- POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
- POC CVE-2019-4061: IBM BigFix Platform - Information Disclosure
- POC CVE-2020-20627: GiveWP - Missing Authorization to Settings Update
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC CVE-2021-2135: Oracle WebLogic Server - Remote Code Execution
- POC CVE-2021-23394: elFinder < 2.1.58 - Remote Code Execution
- POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
- POC CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass
- POC CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
- POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting