GobyVuls/CVE-2022-24706.md
Goby ff14746aeb
Create CVE-2022-24706.md
add CVE-2022-24706
2023-04-17 18:32:20 +08:00

1.1 KiB

Apache CouchDB Unauthenticated Remote Code Execution Vulnerability (CVE-2022-24706)

Vulnerability Apache CouchDB Unauthenticated Remote Code Execution Vulnerability (CVE-2022-24706)
Chinese name Apache CouchDB 未认证远程代码执行漏洞 (CVE-2022-24706)
CVSS core 9.8
FOFA Query (click to view the results directly) banner="name couchdb at"
Number of assets affected 2817
Description Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. An access control error vulnerability existed prior to Apache CouchDB 3.2.2 that stemmed from the ability of an attacker to access an incorrect default installation and gain administrator privileges without authenticating.
Impact Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.