CVE-2023-30805: Sangfor Next-Gen Application Firewall Login Un Param Command Injection | VulnCheck Advisories

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the “un” parameter.


Sangfor Next-Gen Application Firewall Login Un Param Command Injection

  • Severity: critical
  • Date: October 10, 2023
  • Affecting: Sangfor NGAF 8.0.17.364 (AWS)
  • CVE: CVE-2023-30805
  • CVE type: OS command injection
  • CVSS: 9.8
  • CVSS V3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
