Количество 3
Количество 3
CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.
GHSA-398q-w43p-26hx
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.
BDU:2023-06882
Уязвимость файла /LogInOut.php средства межсетевого экранирования Sangfor NGAF, позволяющая нарушителю выполнить произвольный код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-30805 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter. | CVSS3: 9.8 | 19% Средний | больше 2 лет назад |
| GHSA-398q-w43p-26hx The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter. | CVSS3: 9.8 | 19% Средний | больше 2 лет назад |
 | BDU:2023-06882 Уязвимость файла /LogInOut.php средства межсетевого экранирования Sangfor NGAF, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 19% Средний | больше 2 лет назад |
Уязвимостей на страницу