漏洞描述
PWS Dashboard 的 _test.php 文件存在任意文件读取漏洞,攻击者可以通过构造特定请求读取系统中的敏感文件。
PWS Dashboard /others/_test.php 文件读取漏洞(CVE-2025-47423)
PoC代码
暂无相关漏洞推荐
- MCPHub Dashboard JWT硬编码身份认证绕过漏洞
- OpenSearch Dashboard为存在默认口令
- OpenSearch Dashboard存在未授权访问
- POC CVE-2018-18264: Kubernetes Dashboard <1.10.1 - Authentication Bypass
- POC CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
- POC CVE-2021-3223: Node RED Dashboard <2.26.2 - Local File Inclusion
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC CVE-2022-38817: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control
- POC CVE-2023-7246: System Dashboard < 2.8.10 - Cross-Site Scripting
- POC CVE-2025-47423: Personal Weather Station Dashboard 12 - Directory Traversal
- POC CVE-2021-3223: Node RED Dashboard - Directory Traversal
- POC kubernetes-dashboard-enabled: Kubernetes Dashboard for ACK Clusters - Enabled
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access