Enviar #734272: MineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerabilityinformación

TítuloMineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerability
DescripciónThe MineAdmin backend management system is developed based on the Hyperf framework. It is a backend permission management system that provides a comprehensive permission system, allowing developers to focus on specific businesses, reduce development costs, and improve project efficiency. There is a logic flaw in /system/refresh. The "refresh" method is used to refresh Tokens. An attacker can unauthorizedly construct a JWT signed as a super administrator to directly bypass the system and obtain a legal new Token with administrator privileges. This system uses frontend-backend separation. Default Frontend Port: 8180 Default Backend API Port: 9501 This vulnerability reproduction uses the backend port. The actual environment may vary, please judge accordingly.
Fuente⚠️ https://github.com/SourByte05/MineAdmin-Vulnerability/issues/4
Usuario
 sourbyte (UID 94279)
Sumisión2026-01-08 09:58 (hace 5 meses)
Moderación2026-01-19 15:00 (11 days later)
EstadoAceptado
Entrada de VulDB341780 [MineAdmin 1.x/2.x JWT Token /system/refresh autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!