Sangfor: >> Next-Gen Application Firewall >> ngaf8.0.17 Security Vulnerabilities
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.
CVSS Score
9.8
EPSS Score
0.17
Published
2023-10-10