Soumettre #734272: MineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerabilityinformation

TitreMineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerability
DescriptionThe MineAdmin backend management system is developed based on the Hyperf framework. It is a backend permission management system that provides a comprehensive permission system, allowing developers to focus on specific businesses, reduce development costs, and improve project efficiency. There is a logic flaw in /system/refresh. The "refresh" method is used to refresh Tokens. An attacker can unauthorizedly construct a JWT signed as a super administrator to directly bypass the system and obtain a legal new Token with administrator privileges. This system uses frontend-backend separation. Default Frontend Port: 8180 Default Backend API Port: 9501 This vulnerability reproduction uses the backend port. The actual environment may vary, please judge accordingly.
La source⚠️ https://github.com/SourByte05/MineAdmin-Vulnerability/issues/4
Utilisateur
 sourbyte (UID 94279)
Soumission08/01/2026 09:58 (il y a 5 mois)
Modérer19/01/2026 15:00 (11 days later)
StatutAccepté
Entrée VulDB341780 [MineAdmin 1.x/2.x JWT Token /system/refresh authentification faible]
Points20

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!