mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 10:16:59 +00:00
1.4 KiB
1.4 KiB
Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844)
| Vulnerability | Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844) |
|---|---|
| Chinese name | Junos webauth_operation.php 文件上传漏洞(CVE-2023-36844) |
| CVSS core | 9.8 |
| FOFA Query (click to view the results directly) | title="Juniper Web Device Manager" || banner="juniper" || header="juniper" || body="svg4everybody/svg4everybody.js" || body="juniper.net/us/en/legal-notices" || body="nativelogin_login_credentials" |
| Number of assets affected | 47518 |
| Description | Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service /webauth_operation.php route of the Junos operating system to upload a php webshell, include it through the ?PHPRC parameter, and gain control of the entire web server. |
| Impact | Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
