Palo Alto Expedition 漏洞列表

Palo Alto Networks Expedition的/API/convertCSVtoParquet.php接口存在命令注入漏洞，未经身份验证的攻击者可利用该漏洞在Expedition中以root身份运行任意系统命令，从而导致PAN-OS防火墙的用户名、明文密码、设备配置和设备API密钥泄露。 fofa: title="Expedition Project"

Palo Alto Networks Expedition的/bin/configurations/parsers/Checkpoint/CHECKPOINT.php接口存在SQL注入漏洞，未经身份验证的攻击者可利用该漏洞获取Expedition 数据库内容，例如密码哈希、用户名、设备配置和设备API密钥等，并可在Expedition系统上创建和读取任意文件。 fofa: title="Expedition Project"

Palo Alto Networks Expedition的/API/convertCSVtoParquet.php接口存在信息泄露漏洞，从而导致PAN-OS防火墙的用户名、明文密码、设备配置和设备API密钥泄露。 fofa: title="Expedition Project"

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.