漏洞描述
Spring BootAdmin是一个开源社区项目,用于管理和监控SpringBoot应用程序,功能包括监控网站服务,日志管理器,服务器配置等等。BIM开发配置与运维控制台在未登录的情况下可未授权访问SpringBoot Admin管理控制台及操作。
Spring Boot Admin管理控制台未授权访问
PoC代码
暂无相关漏洞推荐
- Spring Cloud Gateway 信息泄露漏洞(CVE-2025-41243)
- Spring Cloud Gateway环境属性修改漏洞 (CVE-2025-41243)
- CVE-2019-3799: Spring Cloud Config Server Directory Traversal
- springboot-actuator-unauth: Springboot Actuator Unauth
- springblade-export-user-sqli: SpringBlade 框架后台 export-user 路径 SQL 注入漏洞
- hue-default-credential: Cloudera Hue Default Admin Login
- POC spring4shell-CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
- POC CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
- POC CVE-2007-5728: phpPgAdmin <=4.1.1 - Cross-Site Scripting
- POC CVE-2008-5587: phpPgAdmin <=4.2.1 - Local File Inclusion
- POC CVE-2009-1151: PhpMyAdmin Scripts - Remote Code Execution
- POC CVE-2011-4926: Adminimize 1.7.22 - Cross-Site Scripting
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass