The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the “un” parameter.
Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku
Kaynak: National Vulnerability Database
