Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:55 p.m.11 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.5AI score0.96182EPSS
Exploits16References1
GithubExploit
GithubExploit
added 2022/12/03 2:31 p.m.535 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

POCs Collected POCs CVE-2022-24112 To create a test...

9.8CVSS8AI score0.96182EPSS
Exploits16
Information Security Automation
Information Security Automation
added 2022/10/21 8:10 p.m.160 views

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...

10CVSS1.1AI score0.99999EPSS
Exploits969
The Hacker News
The Hacker News
added 2022/08/29 4:23 a.m.202 views

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

10CVSS1.7AI score0.99939EPSS
Exploits72
Check Point Advisories
Check Point Advisories
added 2022/04/05 12:0 a.m.31 views

Apache APISIX Remote Code Execution (CVE-2022-24112)

A remote code execution vulnerability exists in Apache APISIX. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system...

7.5CVSS5.3AI score0.96182EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/03/17 8:22 a.m.483 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

CVE-2022-24112-POC Apache APISIX 2.12.1 Rem...

9.8CVSS10AI score0.96182EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/03/16 9:19 a.m.430 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

Apache APISIX Remote Code Execution CVE-2022-24112 Exploit...

9.8CVSS10AI score0.96182EPSS
Exploits16
0day.today
0day.today
added 2022/03/16 12:0 a.m.359 views

Apache APISIX 2.12.1 - Remote Code Execution Exploit

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT = '\3335m' NOTICE =...

9.8CVSS9.6AI score0.96182EPSS
Exploits16
Packet Storm
Packet Storm
added 2022/03/16 12:0 a.m.300 views

Apache APISIX 2.12.1 Remote Code Execution

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Date: 2022-03-16 Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT =...

9.8CVSS0.1AI score0.96182EPSS
Exploits16
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.348 views

Apache APISIX 2.12.1 - Remote Code Execution (RCE)

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Date: 2022-03-16 Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT =...

9.8CVSS9.6AI score0.96182EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/03/08 5:8 p.m.362 views

Exploit for CVE-2022-244112

CVE-2022-24112: Apache APISIX Remote Code Ex...

9.8CVSS9.8AI score0.96182EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/03/08 5:8 p.m.480 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

CVE-2022-24112: Apache APISIX Remote Code Ex...

9.8CVSS9.8AI score0.96182EPSS
Exploits16
Metasploit
Metasploit
added 2022/03/07 5:42 p.m.651 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

9.8CVSS8.4AI score0.96182EPSS
Exploits18
Packet Storm
Packet Storm
added 2022/03/07 12:0 a.m.702 views

Apache APISIX Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...

9.8CVSS0.96182EPSS
Exploits18
GithubExploit
GithubExploit
added 2022/02/22 2:9 p.m.552 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

CVE-2022-24112 CVE-2022-24112: Apache APISIX apisix/batch-re...

9.8CVSS7.5AI score0.96182EPSS
Exploits20
Circl
Circl
added 2022/02/11 4:29 p.m.10 views

CVE-2022-24112

creationtimestamp| type| source ---|---|--- 2022-02-11 16:29:40+00:00| seen| https://t.me/cibsecurity/37298 2022-02-21 11:58:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1516 2022-02-21 16:34:10+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1518 2022-02-21...

9.8CVSS7.5AI score0.96182EPSS
In wildExploits16References26
NVD
NVD
added 2022/02/11 1:15 p.m.40 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS0.96182EPSS
Exploits16References5
OSV
OSV
added 2022/02/11 12:20 p.m.46 views

CVE-2022-24112 apisix/batch-requests plugin allows overwriting the X-REAL-IP header

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.7AI score0.96182EPSS
Exploits16References7
CVE
CVE
added 2022/02/11 12:20 p.m.1059 views

CVE-2022-24112

CVE-2022-24112 affects Apache APISIX. It arises from the batch-requests plugin, where a bug can bypass the Admin API IP restriction, enabling remote code execution. Exploits/PoCs exist for APISIX 2.12.0–2.12.1 demonstrating RCE via admin API path and Lua code injection in routes, with documented ...

9.8CVSS9.7AI score0.96182EPSS
In wildExploits16References5Affected Software1
Cvelist
Cvelist
added 2022/02/11 12:20 p.m.34 views

CVE-2022-24112 apisix/batch-requests plugin allows overwriting the X-REAL-IP header

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.9AI score0.96182EPSS
Exploits16References4
Rows per page
Query Builder