Security Advisory

CVE-2023-30805

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-10 14:25:16

Last updated 2025-11-28 15:59:17

Assigner VulnCheck

State PUBLISHED

Description

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.

← Browse all CVEs View on cve.org ↗