9 matches found

RedhatCVE
added 2025/05/23 2:11 a.m., 7 views

CVE-2023-30805

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

CVSS 9.8, AI score 9.8, EPSS 0.65799
Exploits: 1, References: 1

NVD
added 2023/10/10 3:15 p.m., 15 views

CVE-2023-30805

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

CVSS 9.8, AI score 10, EPSS 0.65799
Exploits: 1, References: 3

NVD
added 2023/10/10 3:15 p.m., 19 views

CVE-2023-30804

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpnhtml/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...

CVSS 6.5, AI score 7, EPSS 0.12816
Exploits: 1, References: 3

OSV
added 2023/10/10 3:15 p.m., 3 views

CVE-2023-30803

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header...

CVSS 9.8, AI score 5.9, EPSS 0.18206
Exploits: 1, References: 3

Vulnrichment
added 2023/10/10 2:27 p.m., 10 views

CVE-2023-30806 Sangfor Next-Gen Application Firewall PHPSESSID Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

CVSS 9.8, AI score 9.7, EPSS 0.65799
Exploits: 1, References: 3

Vulnrichment
added 2023/10/10 2:25 p.m., 13 views

CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

CVSS 9.8, AI score 9.7, EPSS 0.65799
Exploits: 1, References: 3

Cvelist
added 2023/10/10 2:7 p.m., 17 views

CVE-2023-30802 Sangfor Next-Gen Application Firewall Source Code Disclosure

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...

CVSS 5.3, AI score 5.8, EPSS 0.00646
Exploits: 1, References: 3

Positive Technologies
added 2023/10/10 12:0 a.m., 5 views

PT-2023-6173 · Sangfor · Sangfor Next-Gen Application Firewall

Name of the Vulnerable Software and Affected Versions: Sangfor Next-Gen Application Firewall version NGAF8.0.17 Description: The issue is related to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP...

CVSS 9.8, AI score 9.9, EPSS 0.65799
Exploits: 1, References: 9

Positive Technologies
added 2023/10/10 12:0 a.m., 5 views

PT-2023-6169

Name of the Vulnerable Software and Affected Versions: Sangfor Next-Gen Application Firewall version NGAF8.0.17 Description: The issue is related to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP PO...

CVSS 10, AI score 7.5, EPSS 0.65799
Exploits: 2, References: 8