{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-7161","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-12-28T14:49:57.264Z","datePublished":"2023-12-29T08:00:05.846Z","dateUpdated":"2024-08-02T08:50:08.192Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-12-29T08:00:05.846Z"},"title":"Netentsec NS-ASG Application Security Gateway Login sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"Netentsec","product":"NS-ASG Application Security Gateway","versions":[{"version":"6.3.1","status":"affected"}],"modules":["Login"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183."},{"lang":"de","value":"Es wurde eine Schwachstelle in Netentsec NS-ASG Application Security Gateway 6.3.1 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei index.php?para=index der Komponente Login. Dank der Manipulation des Arguments check_VirtualSiteId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-12-28T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-12-28T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-12-28T15:55:30.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"fixitc (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.249183","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.249183","tags":["signature","permissions-required"]},{"url":"https://github.com/fixitc/cve/blob/main/sql.md","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:50:08.192Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.249183","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.249183","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/fixitc/cve/blob/main/sql.md","tags":["exploit","x_transferred"]}]}]}}