Security Advisory

CVE-2023-30806

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-10 14:27:42

Last updated 2025-11-22 14:16:22

Assigner VulnCheck

State PUBLISHED

Description

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.

← Browse all CVEs View on cve.org ↗