漏洞描述
Palo Alto Networks Expedition是Palo Alto Networks(派拓网络)旗下的组态转移工具。Palo AltoNetworksExpedition中存在的一个SQL注入漏洞,该漏洞允许未经验证的攻击者获取Expedition数据库内容,例如密码哈希、用户名、设备配置和设备API密钥,利用这一点,攻击者还可以在Expedition系统上创建和读取任意文件。
Palo Alto Networks Expedition 未授权SQL注入漏洞(CVE-2024-9465)
PoC代码
暂无相关漏洞推荐
- (CVE-2025-4617)Palo Alto Networks Prisma Browser截图控制绕过漏洞
- (CVE-2025-4618)Palo Alto Networks Prisma Browser敏感信息泄露漏洞
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- PaloAlto-Expedition OS命令注入漏洞 (CVE-2025-0107)
- POC CVE-2018-10141: Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting
- POC CVE-2020-2036: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
- POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
- POC CVE-2024-5910: Palo Alto Expedition - Admin Account Takeover
- POC CVE-2024-9463: PaloAlto Networks Expedition - Remote Code Execution
- POC CVE-2024-9465: Palo Alto Expedition - SQL Injection
- POC CVE-2025-0107: Palo Alto Networks Expedition - OS Command Injection
- POC limit-networkaccess-disabled: Limit Network Access to Selected Networks - Disabled