Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sangfor Next-Gen Application Firewall Login Un Param Command Injection
Vulnerability Description
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Sangfor Next-Gen Application Firewall 操作系统命令注入漏洞
Vulnerability Description
Sangfor Next-Gen Application Firewall(Sangfor NGAF)是中国深信服(Sangfor)公司的一款应用防火墙。 Sangfor Next-Gen Application Firewall NGAF8.0.17版本存在安全漏洞,该漏洞源于存在操作系统命令注入漏洞。攻击者可利用该漏洞通过向/LogInOut.php端点发送HTTP POST请求来执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A