CVE-2023-30805

CVSS V2 None CVSS V3 None
Description
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.
Overview
  • CVE ID
  • CVE-2023-30805
  • Assigner
  • VulnCheck
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-10-10T14:25:16.222Z
  • Last Modified Date
  • 2023-10-10T14:28:15.299Z
History
Created Old Value New Value Data Type Notes
2024-06-25 17:11:51 Added to TrackCVE