Submit #736513: Sangfor Operation and Maintenance Security Management System (OSM / 运维安全管理系统) v3.0.12 Command Injection

Title: Sangfor Operation and Maintenance Security Management System (OSM / 运维安全管理系统) v3.0.12 Command Injection
Description: A critical Remote Command Execution (RCE) vulnerability exists in the Sangfor Operation and Maintenance Security Management System (OSM). The vulnerability is located in the endpoint /fort/audit/get_clip_img. The application fails to properly sanitize user input in the HTTP POST request parameters when handling clipboard image retrieval. Code analysis reveals that the backend retrieves the frame and dirno parameters and directly concatenates them into a shell command string. This string is subsequently executed by the system shell via ShellExecutor. This interface is accessible without authentication (No Auth).
Source: https://github.com/LX-LX88/cve/issues/22
User: hhsw34 (UID 91076)
Submission: 12.01.2026 10:29 (3 months ago)
Moderation: 25.01.2026 10:50 (13 days later)
Status: Accepted
VulDB entry: 342801 [Sangfor Operation and Maintenance Security Management System HTTP POST Request /fort/audit/get_clip_img privilege escalation]
Points: 20
