unauthenticated-prtg: PRTG Traffic Grapher - Unauthenticated Access

漏洞描述

PoC代码[已公开]

id: unauthenticated-prtg

info:
  name: PRTG Traffic Grapher - Unauthenticated Access
  author: dhiyaneshDK
  severity: high
  description: PRTG Traffic Grapher was able to be accessed with no authentication requirements in place.
  reference:
    - https://www.exploit-db.com/ghdb/5808
  metadata:
    max-request: 1
  tags: config,unauth,prtg,edb,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/sensorlist.htm"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'PRTG Traffic Grapher'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220464a9c8ffd95fb871cffb63759c7970b75a885bebacdce1892fd9d914134ad50022100dbad8dc0e1de5115d3e0e4d0444db15aa3f609803b88eab4b072cde3cb5e9316:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2022-29081: Zoho ManageEngine - Access Control Bypass
• POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
• POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
• POC CVE-2024-8852: All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
• POC CVE-2025-12480: Triofox - Improper Access Control
• POC cockroachdb-unauth-exposure: CockroachDB Unauthenticated Console Exposure
• POC CVE-2024-0801: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
• POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
• POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
• POC CVE-2025-52665: UniFi Access - Broken Access Control
• POC CVE-2025-9985: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
• POC unifi-create-user: UniFi - Unauthenticated Creation Access For Users
• CVE-2019-15107: Webmin <= 1.920 Unauthenticated Remote Command Execution