Unrated severity · NVD Advisory · Published Oct 10, 2023 · Updated Nov 28, 2025
Sangfor Next-Gen Application Firewall Login Un Param Command Injection
CVE-2023-30805
Description
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 contains an operating system command injection vulnerability. A remote, unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. The cause is mishandling of shell metacharacters in the "un" parameter.
Affected products
- (no CPE) range: = NGAF8.0.17
- (no CPE) range: 8.0.17
References
- labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/ (mitre, third-party-advisory, exploit, technical-description)
- vulncheck.com/advisories/sangfor-ngaf-username-rce (mitre, third-party-advisory)
- aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4 (mitre, product)