From 26094722616564be851cb5588bf208ce4167bf5f Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:44:28 +0800 Subject: [PATCH] Create Palo-alto-panos createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012)(CVE-2024-9474).md --- ...n Vulnerability (CVE-2024-0012)(CVE-2024-9474).md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Palo-alto-panos createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012)(CVE-2024-9474).md diff --git a/Palo-alto-panos createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012)(CVE-2024-9474).md b/Palo-alto-panos createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012)(CVE-2024-9474).md new file mode 100644 index 0000000..9490252 --- /dev/null +++ b/Palo-alto-panos createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012)(CVE-2024-9474).md @@ -0,0 +1,12 @@ +**Updated document date: November 20, 2024** + +## palo-alto-panos /php/utils/createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012/CVE-2024-9474) +| **Vulnerability** | palo-alto-panos /php/utils/createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012/CVE-2024-9474)| +| :----: | :-----| +| **Chinese name** | palo-alto-panos /php/utils/createRemoteAppwebSession.php 命令执行漏洞(CVE-2024-0012/CVE-2024-9474) | +| **CVSS core** | 9.50 | +| **FOFA Query** (click to view the results directly)| [body="Panos.browser.cookie.set" && body="Panos.browser.param"] +| **Number of assets affected** | 27,397 | +| **Description** |A command execution vulnerability exists in palo-alto-panos, allowing attackers to execute arbitrary commands via the /php/utils/createRemoteAppwebSession.php/.js.map path without authorization, potentially leading to full system control. | + +![](https://s3.bmp.ovh/imgs/2024/11/20/849976b81da4b825.gif)
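Review bot: The **FOFA Query** row in the added table is malformed: its label says "click to view the results directly", but the cell holds only `[body="Panos.browser.cookie.set" && body="Panos.browser.param"]` with no link target, and the row lacks the closing `|` that every other row has. Either add the link target and the closing pipe, or drop the "click to view" wording and present the query as plain inline code. In the row above it, `CVSS core` looks like a typo for `CVSS score`. The **Description** row names the path reachable without authorization but gives no affected versions and no remediation; a reference to the vendor advisories for CVE-2024-0012 and CVE-2024-9474 would let a defender act on the entry. The trailing image has empty alt text and points at a third-party image host (`s3.bmp.ovh`), so add alt text or a caption saying what it shows in case the link stops resolving.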