Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-30867

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Apr, 2024 | 00:00
Updated At-27 Aug, 2024 | 16:11
Rejected At-
Credits

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Apr, 2024 | 00:00
Updated At:27 Aug, 2024 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md
N/A
Hyperlink: https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md
x_transferred
Hyperlink: https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
netentsec
Product
ns-asg
CPEs
  • cpe:2.3:h:netentsec:ns-asg:6.3:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 6.3
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Apr, 2024 | 16:15
Updated At:04 Apr, 2025 | 15:45

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_virtual_site_info.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
netentsec
netentsec
>>ns-asg_firmware>>6.3
cpe:2.3:o:netentsec:ns-asg_firmware:6.3:*:*:*:*:*:*:*
netentsec
netentsec
>>ns-asg>>-
cpe:2.3:h:netentsec:ns-asg:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.mdcve@mitre.org
Exploit
Third Party Advisory
https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-edit_virtual_site_info.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

6076Records found
CVE-2024-3040
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.82% / 52.54%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 14:31
Updated-10 Feb, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway list_crl_conf sql injection

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6007
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.60% / 43.96%
||
7 Day CHG~0.00%
Published-15 Jun, 2024 | 13:00
Updated-05 Feb, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deleteiscgwrouteconf.php sql injection

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2644
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.84% / 52.97%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 22:00
Updated-07 Feb, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway addfirewall.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/addfirewall.php. The manipulation of the argument FireWallTableArray leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3455
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.73% / 49.39%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 15:31
Updated-07 Feb, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3456
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.77% / 50.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 16:31
Updated-07 Feb, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway config_Anticrack.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3457
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.68% / 47.51%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 17:31
Updated-06 Feb, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_application_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3458
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.71% / 48.52%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 18:00
Updated-06 Feb, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway add_ikev2.php sql injection

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3041
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.82% / 52.54%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 15:00
Updated-10 Feb, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway listloginfo.php sql injection

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30865
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 48.12%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_user_login.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/ans-asg
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2646
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.81% / 52.13%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 22:31
Updated-30 Jan, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2649
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.84% / 52.97%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 23:31
Updated-10 Apr, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deleteonlineuser.php sql injection

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257287. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2647
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.95% / 56.67%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 23:00
Updated-10 Feb, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway singlelogin.php sql injection

A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /admin/singlelogin.php. The manipulation of the argument loginId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257285 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2330
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-17.62% / 96.76%
||
7 Day CHG-0.14%
Published-09 Mar, 2024 | 09:00
Updated-05 Feb, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway index.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2329
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.72% / 48.96%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 08:00
Updated-05 Feb, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2021
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.74% / 49.76%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 23:31
Updated-21 Jan, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway list_localuser.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway_firmware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2022
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-8.54% / 94.36%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 00:00
Updated-21 Jan, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway list_ipAddressPolicy.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_firmware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6903
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.71% / 48.66%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 23:00
Updated-30 Sep, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-7161
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.67% / 47.23%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 08:00
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway Login sql injection

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gateway_firmwareapplication_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5700
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 46.20%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 23:31
Updated-17 Sep, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway uploadiscgwrouteconf.php sql injection

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5784
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 47.12%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 14:31
Updated-17 Sep, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway uploadfirewall.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5773
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 46.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 03:00
Updated-29 Jan, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deletemacbind.php sql injection

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_application_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5772
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.68% / 47.32%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 02:00
Updated-29 Jan, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deleteiscuser.php sql injection

A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_application_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5590
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.61% / 44.71%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 00:31
Updated-07 Feb, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway JSON Content uploadiscuser.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266848. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_application_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5589
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.54% / 41.01%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 00:00
Updated-07 Feb, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30242
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.42%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 00:00
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.

Action-Not Available
Vendor-netentsecn/a
Product-application_security_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 48.12%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/ans-asg_firmware
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-30858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.52%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php.

Action-Not Available
Vendor-netentsecn/ans_asg
Product-ns-asg_firmwarens-asgn/ans_asg
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-30862
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.66% / 46.53%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/ans-asgns-asg_firmware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30864
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.35% / 26.34%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupTimePolicy.php.

Action-Not Available
Vendor-netentsecn/a
Product-ns-asg_firmwarens-asgn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30860
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.25%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/aapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30870
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.09%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address_interpret.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/aapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30859
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.09%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ISCGroupSSLCert.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/aapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30871
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.48%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/applyhardware.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/aapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30872
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 20.48%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authrp.php.

Action-Not Available
Vendor-netentsecn/a
Product-ns-asg_firmwarens-asgn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30861
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 35.52%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configguide/ipsec_guide_1.php.

Action-Not Available
Vendor-netentsecn/a
Product-ns-asg_firmwarens-asgn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30863
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.44% / 35.21%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/history.php.

Action-Not Available
Vendor-netentsecn/a
Product-ns-asg_firmwarens-asgn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30866
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 26.51%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php.

Action-Not Available
Vendor-netentsecn/anetentsec
Product-ns-asg_firmwarens-asgn/ans-asg
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-28521
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 24.44%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 00:00
Updated-17 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.

Action-Not Available
Vendor-netentsecn/anetcome
Product-application_security_gateway_firmwarens-asgn/ans-asg
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5826
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 46.51%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 17:31
Updated-02 Aug, 2024 | 08:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway list_onlineuser.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5785
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.55% / 41.66%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 15:00
Updated-27 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway addaddress_interpret.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5681
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.63% / 45.47%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 20:31
Updated-17 Sep, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsec
Product-application_security_gatewayNS-ASG Application Security Gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30243
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 41.89%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 00:00
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information.

Action-Not Available
Vendor-netentsecn/a
Product-application_security_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-22583
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-10||CRITICAL
EPSS-0.76% / 50.25%
||
7 Day CHG~0.00%
Published-11 Jun, 2023 | 13:17
Updated-09 Jan, 2025 | 07:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in Danfoss AK-EM100

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

Action-Not Available
Vendor-danfossDanfoss
Product-ak-em100_firmwareak-em100AK-EM100
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-52057
Matching Score-4
Assigner-Real-Time Innovations, Inc.
ShareView Details
Matching Score-4
Assigner-Real-Time Innovations, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.39% / 30.52%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 10:12
Updated-02 Oct, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*.

Action-Not Available
Vendor-rtiRTI
Product-connext_professionalConnext Professional
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2363
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.77% / 50.64%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 11:00
Updated-02 Aug, 2024 | 06:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Resort Reservation System view_room.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639.

Action-Not Available
Vendor-resort_reservation_system_projectSourceCodester
Product-resort_reservation_systemResort Reservation System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 62.70%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-art_gallery_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 54.64%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.

Action-Not Available
Vendor-amanon/a
Product-xofficen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23758
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 38.98%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 16:51
Updated-20 Oct, 2024 | 04:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - creative-solutions.net - SQLi in Creative Gallery component for Joomla <= 2.2.0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

Action-Not Available
Vendor-creative-solutionscreative-solutions.net
Product-creative_galleryCreative Gallery component for Joomla
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.68% / 88.25%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-02 Aug, 2024 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-art_gallery_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2344
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.83% / 52.85%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 14:00
Updated-02 Aug, 2024 | 06:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Service Provider Management System HTTP POST Request sql injection

A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-service_provider_management_systemService Provider Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 121
  • 122
  • Next
Details not found