| शीर्षक | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 Unrestricted Upload |
|---|
| विवरण | A critical Arbitrary File Upload vulnerability exists in the Sangfor Operation and Maintenance Management System (OSM) version 3.0.8. The vulnerability is located in the /fort/trust/version/common/common.jsp endpoint.
The application fails to enforce authentication or proper file type validation on this endpoint. A remote, unauthenticated attacker can upload a malicious file (such as a .jsp web shell) by sending a crafted HTTP POST request. Once uploaded, the file is stored in the web root (typically under /fort/trust/version/common/) and can be executed directly via a web browser, leading to Remote Command Execution (RCE) with the privileges of the web server (typically root or tomcat). |
|---|
| स्रोत | ⚠️ https://github.com/master-abc/cve/issues/13 |
|---|
| उपयोगकर्ता | hhsw34 (UID 91076) |
|---|
| सबमिशन | 30/12/2025 05:46 PM (6 महीनों पहले) |
|---|
| संयम | 09/01/2026 06:12 PM (10 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 340348 [Sangfor Operation and Maintenance Management System तक 3.0.8 common.jsp Arquivo अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|