Submeter #734272: MineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerabilityinformação

TítuloMineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerability
DescriçãoThe MineAdmin backend management system is developed based on the Hyperf framework. It is a backend permission management system that provides a comprehensive permission system, allowing developers to focus on specific businesses, reduce development costs, and improve project efficiency. There is a logic flaw in /system/refresh. The "refresh" method is used to refresh Tokens. An attacker can unauthorizedly construct a JWT signed as a super administrator to directly bypass the system and obtain a legal new Token with administrator privileges. This system uses frontend-backend separation. Default Frontend Port: 8180 Default Backend API Port: 9501 This vulnerability reproduction uses the backend port. The actual environment may vary, please judge accordingly.
Fonte⚠️ https://github.com/SourByte05/MineAdmin-Vulnerability/issues/4
Utilizador
 sourbyte (UID 94279)
Submissão08/01/2026 09h58 (há 5 meses)
Moderação19/01/2026 15h00 (11 days later)
EstadoAceite
Entrada VulDB341780 [MineAdmin 1.x/2.x JWT Token /system/refresh Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!