Invia #727207: Sangfor Operation and Maintenance Management System (运维安全管理系统 / OSM) 3.0.8 Command Injectioninformazioni

TitoloSangfor Operation and Maintenance Management System (运维安全管理系统 / OSM) 3.0.8 Command Injection
DescrizioneA Command Injection vulnerability exists in the Sangfor Operation and Maintenance Management System (OSM) version 3.0.8. The vulnerability is located in the endpoint within the class. The application fails to properly sanitize the parameter of the upload request. Specifically, the application uses an insufficient method that filters standard file system characters but fails to neutralize shell metacharacters (such as , , ). The malicious filename is then directly concatenated into a command execution string without parameterization. Remote attackers can exploit this vulnerability to execute arbitrary system commands with the privileges of the application (typically root or tomcat)./system/version/upload_CNVersionController.javafilenamemultipart/form-dataescape;|&bash
Fonte⚠️ https://github.com/master-abc/cve/issues/10
Utente
 junqi (UID 93773)
Sottomissione30/12/2025 17:26 (6 mesi fa)
Moderazione09/01/2026 18:12 (10 days later)
StatoAccettato
Voce VulDB340344 [Sangfor Operation and Maintenance Management System fino a 3.0.8 VersionController.java uploadCN filename escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>