In the "smart-admin" demo site, the developers did not enforce access control on the Druid monitoring console, so anyone can open the Druid page directly without logging in.
Impact
An attacker can read the Druid console's SQL monitor (every SQL statement the application has executed, with execution statistics), the data source details, and the session monitor. With a session identifier taken from the session monitor, the attacker can log into the backend as that user and extend the attack from there.
No login or authorization is required to exploit this vulnerability.
Vulnerability details and POC
Payload:
/smart-admin-api/druid/index.html
Suggested repair
Put the Druid console behind the application's own authentication, or at least configure Druid's StatViewServlet with a strong, non-default username and password, restrict it to trusted IP addresses, and disable it entirely in production profiles.
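The two configuration fragments below are an added example (not taken from the smart-admin repository) that shows the exposed setting next to a hardened one. It assumes the project wires Druid through druid-spring-boot-starter, so the console is configured under `spring.datasource.druid.*` in `application.yml`; the property names are the starter's own, while the credentials, environment-variable names and IP range are placeholders.

```yaml
# Added example, not smart-admin's own configuration.
# Assumes druid-spring-boot-starter (spring.datasource.druid.* properties).

# --- Exposed: console enabled, no credentials, no IP restriction ---
spring:
  datasource:
    druid:
      stat-view-servlet:
        enabled: true
        url-pattern: /druid/*
        # no login-username / login-password and no allow list:
        # GET /druid/index.html is served to any unauthenticated client

---
# --- Hardened ---
spring:
  datasource:
    druid:
      stat-view-servlet:
        enabled: true                              # set to false in the production profile
        url-pattern: /druid/*
        login-username: ${DRUID_MONITOR_USER}      # placeholder env var, not a literal in the repo
        login-password: ${DRUID_MONITOR_PASSWORD}  # placeholder; never a default such as admin/admin
        allow: 127.0.0.1,10.0.0.0/8                # placeholder trusted range; an empty allow list means everyone
        reset-enable: false                        # block resetting statistics from the UI
      web-stat-filter:
        enabled: true
        session-stat-enable: false                 # stop recording the session ids the console would list
```

The login only protects the console itself, so the `/druid/*` prefix should additionally be covered by the application's authentication filter or blocked at the reverse proxy for external clients, and the production profile should set `stat-view-servlet.enabled: false` so the console is not deployed at all. Check the fix by requesting the payload path again: the console should answer with its login form or a 403, not the monitor index.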
smart-admin Druid application Unauthorized access
NAME OF AFFECTED PRODUCT(S)
smart-admin