漏洞描述
攻击者在未授权的情况下可以读取服务器上的敏感文件,从而获取配置、凭据或用户数据,导致信息泄露甚至进一步入侵。
PWS Dashboard 存在任意文件读取漏洞(CVE-2025-47423)
PoC代码
暂无相关漏洞推荐
- MCPHub Dashboard JWT硬编码身份认证绕过漏洞
- OpenSearch Dashboard为存在默认口令
- OpenSearch Dashboard存在未授权访问
- POC CVE-2018-18264: Kubernetes Dashboard <1.10.1 - Authentication Bypass
- POC CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
- POC CVE-2021-3223: Node RED Dashboard <2.26.2 - Local File Inclusion
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC CVE-2022-38817: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control
- POC CVE-2023-7246: System Dashboard < 2.8.10 - Cross-Site Scripting
- POC CVE-2025-47423: Personal Weather Station Dashboard 12 - Directory Traversal
- POC CVE-2021-3223: Node RED Dashboard - Directory Traversal
- POC kubernetes-dashboard-enabled: Kubernetes Dashboard for ACK Clusters - Enabled
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access