cve/CVE-2020-13945.md at 8d17e0c8f8dcf0cf9abdcefadf7dbc6d73d1b980

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 8d17e0c8f8 Update CVE sources 2024-08-24 17:55

2024-08-24 17:55:21 +00:00

Description

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

POC

Reference

http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/CLincat/vulcat
https://github.com/HimmelAward/Goby_POC
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/YutuSec/Apisix_Crack
https://github.com/Z0fhack/Goby_POC
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/bigblackhat/oFx
https://github.com/openx-org/BLEN
https://github.com/qiuluo-oss/Tiger
https://github.com/samurai411/toolbox
https://github.com/t0m4too/t0m4to
https://github.com/tanjiti/sec_profile

1.3 KiB Raw Blame History

CVE-2020-13945

Description

POC

Reference

Github

1.3 KiB

Raw Blame History