CVE-2023-30806

CVSS V2 None CVSS V3 None
Description
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
Overview
  • CVE ID
  • CVE-2023-30806
  • Assigner
  • VulnCheck
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-10-10T14:27:42.771Z
  • Last Modified Date
  • 2023-10-10T14:27:42.771Z
History
Created Old Value New Value Data Type Notes
2024-06-25 17:23:15 Added to TrackCVE