CVE-2023-30804
- EPSS 5.34%
- Veröffentlicht 10.10.2023 15:15:10
- Zuletzt bearbeitet 28.11.2025 16:15:50
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is...
CVE-2023-30805
- EPSS 18.75%
- Veröffentlicht 10.10.2023 15:15:10
- Zuletzt bearbeitet 28.11.2025 16:15:50
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /Log...
CVE-2023-30806
- EPSS 17.04%
- Veröffentlicht 10.10.2023 15:15:10
- Zuletzt bearbeitet 22.11.2025 15:16:02
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi...
CVE-2023-30802
- EPSS 0.19%
- Veröffentlicht 10.10.2023 15:15:09
- Zuletzt bearbeitet 28.11.2025 16:15:49
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.
CVE-2023-30803
- EPSS 0.67%
- Veröffentlicht 10.10.2023 15:15:09
- Zuletzt bearbeitet 28.11.2025 16:15:50
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests usi...