KONGA 漏洞列表

共找到 2 个与 KONGA 相关的漏洞

📅 加载漏洞趋势中...

konga-default-jwt-key: KONGA Arbitrary user login vulnerability POC

日期: 2025-09-01 | 影响软件: konga-default-jwt-key

The default key of Konga JWT is oursecret, which can forge arbitrary user permissions FOFA: app="Konga-Api-Gateway"
CVE-2021-42192: KONGA 0.14.9 - Privilege Escalation POC

日期: 2025-08-01 | 影响软件: KONGA

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter.