JAdmin-JAVA JAdmin Improper Authentication Vulnerability in Admin Backend Component

Vulnerability

A critical improper authentication vulnerability has been identified in JAdmin-JAVA JAdmin version 1.0. The issue resides in the Admin Backend component, specifically within the toLogin function of the NoNeedLoginController.java file. This vulnerability allows remote access to backend (admin) routes without authorization, potentially leading to unauthorized actions such as adding users or viewing logs.

Impact

Exploitation of this vulnerability allows unauthorized access to the admin backend, where super administrator privileges can be obtained. This access enables the addition of users, log management, and other administrative functions.

Reproduction

The vulnerability can be reproduced by accessing the admin backend at http://127.0.0.1:8999/admin without any login credentials. No credentials or bypass technique are needed, because authentication restrictions are not enforced on this route in the affected version of the application.
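As an added illustration (not JAdmin's code, and written in Python rather than the project's Java so it runs without a web framework), the guard below shows the deny-by-default pattern that prevents this class of bug: every route under /admin requires an authenticated session, and the "no login needed" routes are an explicit, exact-match allowlist. The route names /admin/toLogin and /admin/login are assumptions for the example, not taken from JAdmin.

```python
# Added illustration (not JAdmin's code): deny-by-default guard for an admin
# backend whose "no login needed" endpoints are an explicit allowlist.
# Route names below are assumptions for the example, not taken from JAdmin.
from dataclasses import dataclass
from posixpath import normpath
from typing import Optional

ADMIN_PREFIX = "/admin"
# Only the login entry points are reachable without a session (assumed names).
NO_LOGIN_NEEDED = frozenset({"/admin/toLogin", "/admin/login"})


@dataclass
class Request:
    path: str
    session_user: Optional[str] = None   # None = no authenticated session


@dataclass
class Decision:
    status: int                          # 200 allow, 302 redirect to login
    reason: str


def canonical(path: str) -> str:
    """Drop the query string, collapse '//', '/./' and '/../' segments and
    strip a trailing slash, so '//admin//user/../' and '/admin' are the same
    route for the guard and cannot slip past a prefix or allowlist check."""
    p = normpath("/" + path.split("?", 1)[0].lstrip("/"))
    return p if p == "/" else p.rstrip("/")


def guard(req: Request) -> Decision:
    path = canonical(req.path)
    # Routes outside the admin backend are not this guard's concern.
    if path != ADMIN_PREFIX and not path.startswith(ADMIN_PREFIX + "/"):
        return Decision(200, "not an admin route")
    # Exact-match allowlist: the only routes that need no login.
    if path in NO_LOGIN_NEEDED:
        return Decision(200, "public login endpoint")
    # Everything else under /admin requires an authenticated session.
    if req.session_user is None:
        return Decision(302, "redirect to /admin/toLogin")
    return Decision(200, f"authenticated as {req.session_user}")


if __name__ == "__main__":
    for p in ["/admin", "/admin/toLogin", "/admin//user/../user/add"]:
        print(p, "->", guard(Request(p)))
```

Because the check runs before any controller, an unauthenticated request to /admin or /admin/user/add is redirected even when the route itself performs no check.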

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           0.0
impact           5.0
exploitability   8.7
remediation      0.0
relevance        0.0
threat           6.4
urgency          2.9
incentive        5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.