漏洞描述
Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix >= 173 and < 178, this vulnerability can be exploited only if you provide a valid Staging Service username (default: admin)
kentico-13-auth-bypass-wt-2025-0011: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
PoC代码
暂无相关漏洞推荐
- 金蝶云星空 /Kingdee.BOS.WebApi.ServicesStub.AuthService.ValidateLoginInfo.common.kdsvc 命令执行漏洞
- POC CVE-2019-15823: WPS Hide Login <= 1.5.2.2 - Login Page Bypass
- POC CVE-2020-13125: Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass
- POC CVE-2022-36923: Zoho ManageEngine - getUserAPIKey Authentication Bypass
- POC CVE-2023-27351: PaperCut NG - Authentication Bypass
- POC CVE-2023-33193: Emby Server - Authentication Bypass
- POC CVE-2024-28200: N-able N-central < 2024.2 - Authentication Bypass Detection
- POC CVE-2025-52970: Fortinet FortiWeb - Authentication Bypass to Admin Privilege
- POC CVE-2025-55184: React Server Components - Denial of Service
- 用友NC及NC Cloud系统 /uapws/service/nc.itf.bap.service.IBapIOService getBapTableDatas SQL 注入漏洞
- POC 网神SecFox运维安全管理与审计系统 /3.0/authService/login 命令执行漏洞
- 亿赛通电子文档安全管理系统 /CDGServer3/NetSecConfigAjax;Service SQL 注入漏洞
- MSService 服务 /base/WCFDBService/mex SQL 注入漏洞