提交 #734272: MineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerability信息

标题MineAdmin MineAdmin Enterprise Backend Management System MineAdmin v1.x MineAdmin v2.x Flaw Vulnerability
描述The MineAdmin backend management system is developed based on the Hyperf framework. It is a backend permission management system that provides a comprehensive permission system, allowing developers to focus on specific businesses, reduce development costs, and improve project efficiency. There is a logic flaw in /system/refresh. The "refresh" method is used to refresh Tokens. An attacker can unauthorizedly construct a JWT signed as a super administrator to directly bypass the system and obtain a legal new Token with administrator privileges. This system uses frontend-backend separation. Default Frontend Port: 8180 Default Backend API Port: 9501 This vulnerability reproduction uses the backend port. The actual environment may vary, please judge accordingly.
来源⚠️ https://github.com/SourByte05/MineAdmin-Vulnerability/issues/4
用户
 sourbyte (UID 94279)
提交2026-01-08 09時58分 (5 月前)
管理2026-01-19 15時00分 (11 days later)
状态已接受
VulDB条目341780 [MineAdmin 1.x/2.x JWT Token /system/refresh 弱身份验证]
积分20

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!