HIGH🇵🇱 Wersja polska

CVE-2024-28521

CVSS 7.8v3.1pub. 2024-03-21upd. 2025-06-17

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Netentsec Application Security Gateway Firmware

    OS
    Netentsec
    6.3.1
  • Netentsec Ns Asg

    HW
    Netentsec
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2024-30868CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via /admin/add_getlogin.php

CVE-2024-30858CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 via edit_fire_wall.php

CVE-2024-30865CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30867CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Netentsec NS-ASG 6.3 — panel administracyjny

CVE-2024-30860HIGH8.8ten sam produkt

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_excel_user.php.