Enviar #736513: Sangfor Operation and Maintenance Security Management System (OSM / 运维安全管理系统) v3.0.12 Command Injectionainformación

Título	Sangfor Operation and Maintenance Security Management System (OSM / 运维安全管理系统) v3.0.12 Command Injectiona
Descripción	A critical Remote Command Execution (RCE) vulnerability exists in the Sangfor Operation and Maintenance Security Management System (OSM). The vulnerability is located in the endpoint /fort/audit/get_clip_img. The application fails to properly sanitize user input in the HTTP POST request parameters when handling clipboard image retrieval. Code analysis reveals that the backend retrieves the frame and dirno parameters and directly concatenates them into a shell command string. This string is subsequently executed by the system shell via ShellExecutor. This interface is accessible without authentication (No Auth).
Fuente	⚠️ https://github.com/LX-LX88/cve/issues/22
Usuario	hhsw34 (UID 91076)
Sumisión	2026-01-12 10:29 (hace 3 meses)
Moderación	2026-01-25 10:50 (13 days later)
Estado	Aceptado
Entrada de VulDB	342801 [Sangfor Operation and Maintenance Security Management System HTTP POST Request /fort/audit/get_clip_img escalada de privilegios]
Puntos	20

Might our Artificial Intelligence support you?

Check our Alexa App!