漏洞描述
【漏洞对象】Trivum Multiroom Setup Tool 【涉及版本】Trivum Multiroom Setup Tool v8.76 【漏洞描述】音乐控制软件Trivum Multiroom Setup ToolV8.76版本的web端管理页面/xml/system/setAttribute.xml文件存在重置登入凭证的漏洞,任意未授权攻击者只要访问特定的url,即可重置登入验证功能,造成未授权用户登入。
Trivum Multiroom Setup Tool v8.76 setAttribute.xml-管理员登入绕过(CVE-2018-13859)
PoC代码
暂无相关漏洞推荐
- POC churchcrm-installer: ChurchCRM - Setup Exposure
- ZKTeco BioTime v8.5.5存在路径遍历漏洞(CVE-2023-38950)
- POC CVE-2012-5321: TikiWiki CMS Groupware v8.3 - Open Redirect
- POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
- POC CVE-2021-41192: Redash Setup Configuration - Default Secrets Disclosure
- POC CVE-2021-43798: Grafana v8.x - Arbitrary File Read
- POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
- POC CVE-2022-32444: u5cms v8.3.5 - Open Redirect
- POC CVE-2023-38950: ZKTeco BioTime v8.5.5 - Path Traversal
- POC CVE-2024-39250: EfroTech Timetrax v8.3 - Sql Injection
- POC CVE-2024-48360: Qualitor <= v8.24 - Server-Side Request Forgery
- POC CVE-2025-2129: Mage AI - Insecure Default Authentication Setup
- POC CNVD-2022-60632: 畅捷通T+ SetupAccount 任意文件上传