漏洞描述
strapi 3.0.0-beta.17.5之前版本错误处理在packages/strapiadmin/controllers/Auth.js和packages/strapi plugin userspermissions/controllers/Auth.js中重置密码。
Strapi CMS admin 密码重置 -未授权(CVE-2019-18818)
PoC代码
暂无相关漏洞推荐
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
- POC phpmyadmin-fpd: phpMyAdmin Full Path Disclosure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- Smartadmin 简致微信管理系统默认口令漏洞
- WordPress Plugin Alone Theme /wp-admin/admin-ajax.php beplus_import_pack_install_plugin 文件上传漏洞(CVE-2025-5394)
- WordPress Time Clock 插件 /wp-admin/admin-ajax.php 代码执行漏洞 (CVE-2024-9593)
- (CVE-2025-15003)SeaCMS至13.3版本admin_video.php文件SQL注入漏洞
- WordPress wp-event-solution 插件 /wp-admin/admin-ajax.php 文件读取漏洞(CVE-2025-47445)
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- go-ldap-admin /api/log/operation/list 权限绕过漏洞(CVE-2025-13948)