CVE-2024-5590 | Netentsec NS-ASG Application Security Gateway 6.3 JSON Content uploadiscuser.php messagecontent sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection.

This vulnerability was named CVE-2024-5590. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-5590 | Netentsec NS-ASG Application Security Gateway 6.3 JSON Content uploadiscuser.php messagecontent sql injection

Post correlati

CVE-2024-47131 | Delta Electronics DIAScreen up to 1.4.x BACnetObjectInfo stack-based overflow (icsa-24-312-02)

CVE-2024-2110 | Events Manager Plugin up to 6.4.7.1 on WordPress cross-site request forgery

CVE-2024-35522 | Netgear EX3700 AC750 WiFi Range Extender Essentials Edition operating_mode.cgi command injection

CVE-2024-24788 | Google Go up to 1.21.9/1.22.2 net Lookup infinite loop