admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-11-20 20:43:31 +08:00 committed by GitHub
parent b27d068d93
commit c506b92a39
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
GobyVuls-Document.md
View File

@ -1,6 +1,19 @@
# Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: November 20, 2024**
## palo-alto-panos /php/utils/createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012/CVE-2024-9474)
| **Vulnerability** | palo-alto-panos /php/utils/createRemoteAppwebSession.php Command Execution Vulnerability (CVE-2024-0012/CVE-2024-9474)|
| :----: | :-----|
| **Chinese name** | palo-alto-panos /php/utils/createRemoteAppwebSession.php 命令执行漏洞CVE-2024-0012/CVE-2024-9474 |
| **CVSS core** | 9.50 |
| **FOFA Query** (click to view the results directly)| [body="Panos.browser.cookie.set" && body="Panos.browser.param"]
| **Number of assets affected** | 27,397 |
| **Description** |A command execution vulnerability exists in palo-alto-panos, allowing attackers to execute arbitrary commands via the /php/utils/createRemoteAppwebSession.php/.js.map path without authorization, potentially leading to full system control. |
![](https://s3.bmp.ovh/imgs/2024/11/20/849976b81da4b825.gif)
**Updated document date: October 31, 2024**
## Apache Solr /solr/admin/info/properties:/admin/info/key Permission Bypass Vulnerability(CVE-2024-45216)