CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5784 – Netentsec NS-ASG Application Security Gateway uploadfirewall.php sql injection
https://notcve.org/view.php?id=CVE-2023-5784
26 Oct 2023 — A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. • https://github.com/gb111d/ns-asg_poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5700 – Netentsec NS-ASG Application Security Gateway uploadiscgwrouteconf.php sql injection
https://notcve.org/view.php?id=CVE-2023-5700
22 Oct 2023 — A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. • https://github.com/istlnight/cve/blob/main/NS-ASG-sql-uploadiscgwrouteconf.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5681 – Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection
https://notcve.org/view.php?id=CVE-2023-5681
20 Oct 2023 — A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3792 – Beijing Netcon NS-ASG test_status.php direct request
https://notcve.org/view.php?id=CVE-2023-3792
20 Jul 2023 — A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. • https://github.com/CYN521/cve/blob/main/NS-ASG.md • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30242
https://notcve.org/view.php?id=CVE-2023-30242
05 May 2023 — NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. • http://ns-asg.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30243
https://notcve.org/view.php?id=CVE-2023-30243
05 May 2023 — Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. • http://ns-asg.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •