漏洞描述
V2Board是一款稳定、简单、快速、易于使用的多代理协议管理系统。V2Board v1.6.1存在越权访问漏洞,鉴权方式变为从Redis中获取缓存判定是否存在可以调用接口,导致任意用户都可以调用管理员权限的接口获取后台权限。
V2Board admin.php 越权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC keycloak-admin-console-config: Keycloak Admin Console Configuration Disclosure
- POC phpmyadmin-fpd: phpMyAdmin Full Path Disclosure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- Smartadmin 简致微信管理系统默认口令漏洞
- WordPress Plugin Alone Theme /wp-admin/admin-ajax.php beplus_import_pack_install_plugin 文件上传漏洞(CVE-2025-5394)
- WordPress Time Clock 插件 /wp-admin/admin-ajax.php 代码执行漏洞 (CVE-2024-9593)
- (CVE-2025-15003)SeaCMS至13.3版本admin_video.php文件SQL注入漏洞
- WordPress wp-event-solution 插件 /wp-admin/admin-ajax.php 文件读取漏洞(CVE-2025-47445)
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- go-ldap-admin /api/log/operation/list 权限绕过漏洞(CVE-2025-13948)