漏洞描述
Powertek是一家为服务器机架制造数据中心级智能PDU(配电单元,即重型电源线)的公司,PowertekPDU存在认证绕过漏洞,攻击者可利用漏洞绕过活动会话授权检查。然后可以使用它来获取受保护系统的值。
Powertek Firmware 小于3.30.30版本get_param.cgi处存在认证绕过(CVE-2022-33174)
PoC代码
暂无相关漏洞推荐
- Flowise /api/v1/node-load-method/customMCP 命令执行漏洞(CVE-2025-8943)
- dpanel /api/app/compose/get-from-uri 文件读取漏洞(CVE-2025-53363)
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- POC CVE-2018-13317: TOTOLINK A3002RU 1.0.8 - Information Disclosure
- POC CVE-2019-19823: TOTOLINK/Realtek Routers - Information Disclosure
- POC CVE-2021-34427: Eclipse BIRT Viewer - Remote Code Execution
- POC CVE-2025-55523: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
- POC CVE-2025-9316: N-central - Authentication Bypass
- POC CVE-2024-37656: GnuBoard5 5.5.16 - Open Redirect
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-51991: XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
- 美特CRM /common/jsp/upload3.jsp 文件上传漏洞