### [CVE-2021-45232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45232)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20APISIX%20Dashboard&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.7%20and%202.7.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brightgreen)

### Description

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0x0021h/expbox
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Drajoncr/AttackWebFrameworkTools
- https://github.com/GYLQ/CVE-2021-45232-RCE
- https://github.com/Greetdawn/Apache-APISIX-dashboard-RCE
- https://github.com/Hatcat123/my_stars
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Ilovewomen/cve-2021-45232
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/Kuibagit/CVE-2021-45232-RCE
- https://github.com/LTiDi2000/CVE-2021-45232
- https://github.com/Mr-xn/CVE-2022-24112
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Nefcore/MatchX
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Osyanina/westone-CVE-2021-45232-scanner
- https://github.com/SYRTI/POC_to_review
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/YutuSec/Apisix_Crack
- https://github.com/Z0fhack/Goby_POC
- https://github.com/b4zinga/Raphael
- https://github.com/badboycxcc/CVE-2021-45232-POC
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bigblackhat/oFx
- https://github.com/cboss43/CVE-2024-25600
- https://github.com/chemouri13/MatchX
- https://github.com/dskho/CVE-2021-45232
- https://github.com/f11t3rStAr/f11t3rStAr
- https://github.com/fany0r/CVE-2021-45232-RCE
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/huimzjty/vulwiki
- https://github.com/itxfahdi/-cve-2021-45232
- https://github.com/jxpsx/CVE-2021-45232-RCE
- https://github.com/leveryd/leveryd
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/openx-org/BLEN
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/qiuluo-oss/Tiger
- https://github.com/ranhn/Goby-Poc
- https://github.com/shengshengli/AttackWebFrameworkTools-5.0
- https://github.com/soosmile/POC
- https://github.com/t0m4too/t0m4to
- https://github.com/trhacknon/Pocingit
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/wuppp/cve-2021-45232-exp
- https://github.com/xiju2003/-cve-2021-45232
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yggcwhat/CVE-2021-45232
- https://github.com/zecool/cve