漏洞描述
Palo Alto Networks Expedition 中存在一个作系统命令注入漏洞,未经身份验证的攻击者可利用该漏洞,以 Expedition 中的www-data 用户身份运行任意作系统命令,从而导致运行 PAN-OS 软件的防火墙的用户名、明文密码、设备配置和设备 API 密钥泄露。
PaloAlto-Expedition OS命令注入漏洞 (CVE-2025-0107)
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-5910: Palo Alto Expedition - Admin Account Takeover
- POC CVE-2024-9463: PaloAlto Networks Expedition - Remote Code Execution
- POC CVE-2024-9465: Palo Alto Expedition - SQL Injection
- POC CVE-2025-0107: Palo Alto Networks Expedition - OS Command Injection
- POC CVE-2024-9463: Palo Alto Expedition - RCE
- POC CVE-2024-9465: Palo Alto Expedition - SQL Injection
- POC CVE-2024-9466: Palo Alto Expedition - Infomation Disclosure
- Palo Alto Networks Expedition /API/convertCSVtoParquet.php 命令执行漏洞(CVE-2024-9463)
- Palo Alto Networks Expedition /API/convertCSVtoParquet.php 存在命令注入漏洞
- Palo Alto Networks Expedition 需授权 命令注入漏洞
- Palo Alto Networks Expedition 未授权SQL注入漏洞(CVE-2024-9465)
- Palo Alto Networks Expedition 远程命令执行漏洞(CVE-2024-9463)
- Palo Alto Networks Expedition /bin/configurations/parsers/Checkpoint/CHECKPOINT.php 存在SQL注入漏洞