Netentsec NS-ASG Application Security Gateway sql injection
CVE-2023-6903

7.3HIGH

Key Information:

Vendor

Netentsec

Status
Ns-asg Application Security Gateway
Vendor
CVE Published:
17 December 2023

What is CVE-2023-6903?

A vulnerability has been discovered in the Netentsec NS-ASG Application Security Gateway, specifically affecting the /admin/singlelogin.php?submit=1 file. The vulnerability allows remote attackers to exploit an SQL injection flaw via manipulation of the loginId parameter. This flaw can lead to unauthorized access to sensitive data within the database, making it critical for affected users to apply patches and security measures promptly. Public disclosure of this vulnerability has increased the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NS-ASG Application Security Gateway 6.3.1

References

https://vuldb.com/?id.248265
vdb-entrytechnical-description
https://vuldb.com/?ctiid.248265
signaturepermissions-required
https://github.com/willchen0011/cve/blob/main/NS-ASG-sql.md
exploit

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

willchen
willchen (VulDB User)
JSON
.