ReportizFlow
Filtered by vendor Sangfor
Subscriptions
Filtered by product Net-gen Application Firewall
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30806 | 1 Sangfor | 2 Net-gen Application Firewall, Next-gen Application Firewall | 2025-11-22 | 9.8 Critical |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie. | ||||
Page 1 of 1.