GobyVuls/Junos_webauth_operation.php_PHPRC_Code_Execution_Vulnerability.md


## Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846)
| **Vulnerability** | Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846) |
| :----: | :-----|
| **Chinese name** | Junos webauth_operation.php PHPRC 代码执行漏洞CVE-2023-36845/CVE-2023-36846 |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="JUNIPer-Web-Device-Manager"](https://en.fofa.info/result?qbase64=IHRpdGxlPSJKdW5pcGVyIFdlYiBEZXZpY2UgTWFuYWdlciIgfHwgYmFubmVyPSJqdW5pcGVyIiB8fCBoZWFkZXI9Imp1bmlwZXIiIHx8IGJvZHk9InN2ZzRldmVyeWJvZHkvc3ZnNGV2ZXJ5Ym9keS5qcyIgfHwgYm9keT0ianVuaXBlci5uZXQvdXMvZW4vbGVnYWwtbm90aWNlcyIgfHwgYm9keT0ibmF0aXZlbG9naW5fbG9naW5fY3JlZGVudGlhbHMi)|
| **Number of assets affected** | 43627 |
| **Description** | Junos is a reliable, high-performance network operating system from Juniper Networks. Through the J-Web service of the Junos operating system, an attacker can pass in the PHPRC environment variable, turn on the allow_url_include setting, run the incoming encoded PHP code, and gain control of the entire web server. |
| **Impact** | Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/10/11/3e4434d6602a32a6.gif)
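
A defender's log check for the behaviour described in the table, as an added example that is not part of the original page or the GobyVuls project. It assumes the PHPRC variable and the allow_url_include setting show up in the request target of a combined-format J-Web access log; the log lines, addresses and PLACEHOLDER values are constructed.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in combined-log style; addresses are
# documentation ranges and parameter values are placeholders.
SAMPLE_LOG = '''\
192.0.2.10 - - [11/Oct/2023:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [11/Oct/2023:09:14:05 +0000] "POST /webauth_operation.php?PHPRC=PLACEHOLDER HTTP/1.1" 200 311
198.51.100.7 - - [11/Oct/2023:09:14:09 +0000] "GET /webauth_operation.php?%50hprc=PLACEHOLDER HTTP/1.1" 200 311
192.0.2.10 - - [11/Oct/2023:09:15:40 +0000] "GET /help.php?topic=phprc_docs HTTP/1.1" 200 900
203.0.113.5 - - [11/Oct/2023:09:16:01 +0000] "GET /webauth_operation.php?x=allow_url_include%3D1 HTTP/1.1" 200 311
'''

REQUEST = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
# Assumption: the variable arrives as a request parameter *name* in the logged target.
PHPRC_PARAM = re.compile(r'(?:^|[?&;])\s*PHPRC\s*=', re.IGNORECASE)
URL_INCLUDE = re.compile(r'allow_url_include', re.IGNORECASE)

def normalise(target: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so encoded parameter names still match."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(log_text: str):
    """Return (line_no, client, path, reasons) for each suspicious request."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.group(1), normalise(m.group(2))
        path, _, query = target.partition('?')
        reasons = []
        if PHPRC_PARAM.search('?' + query):
            reasons.append('PHPRC parameter')
        if URL_INCLUDE.search(query):
            reasons.append('allow_url_include')
        if reasons:
            findings.append((no, client, path, reasons))
    return findings

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than proof of compromise; request bodies are not present in access logs, so pair this with device patch status.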