Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Insecure Admin Access

This page lists 25 vulnerabilities in this category.

High: 15 Medium: 7 Low: 2 Information: 1
Vulnerability Name
CVE
CWE
Severity
Database User Has Admin Privileges
-
CWE-267
High
OSGi Management Console Default Credentials
-
CWE-521
High
Fortinet Authentication bypass on administrative interface
CVE-2022-40684
CWE-288
High
Apache Airflow Unauthorized Access Vulnerability
-
CWE-200
High
RethinkDB administrative interface publicly exposed
-
CWE-200
High
SAP NetWeaver RECON CVE-2020-6287
CVE-2020-6287
CWE-287
High
Ektron CMS Account Hijack
-
CWE-264
High
Kentico CMS RCE CVE-2017-17736
CVE-2017-17736
CWE-425
High
Unrestricted access to Odoo DB manager
-
CWE-200
High
Jupyter Notebook publicly accessible
-
CWE-78
High
Apache ActiveMQ default administrative credentials
-
-
High
Unprotected phpMyAdmin interface
-
CWE-205
High
Apache Tomcat insecure default administrative password
CVE-2009-3548
CWE-284
High
Apache Geronimo default administrative credentials
-
CWE-693
High
VirtueMart access control bypass
-
CWE-287
High
Apache balancer-manager application publicly accessible
-
CWE-200
Medium
Typo3 Install Tool publicly accessible
-
CWE-200
Medium
Apache Airflow Exposed configuration
-
CWE-200
Medium
Unprotected Apache NiFi API interface
-
CWE-287
Medium
Unprotected Kong Gateway Admin API interface
-
CWE-287
Medium
Unauthorized Access to a web app installer
-
CWE-200
Medium
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112)
CVE-2022-24112
CWE-259
Medium
WordPress admin accessible without HTTP authentication
-
CWE-16
Low
ColdFusion administrator login page publicly available
-
CWE-200
Low
Typo3 Admin publicly accessible
-
CWE-200
Information