| タイトル | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 OS Command Injection |
|---|
| 説明 | A critical Remote Command Execution (RCE) vulnerability exists in the Sangfor Operation and Maintenance Management System (OSM) version 3.0.8. The vulnerability is located in the endpoint. The application fails to properly sanitize the parameter in an HTTP POST request./isomp-protocol/protocol/getHissessionPath
Specifically, the method retrieves the user-supplied and passes it to , which directly concatenates the parameter into a shell command string without sufficient validation or escaping. This string is then executed by . An unauthenticated remote attacker can exploit this vulnerability by injecting shell metacharacters (e.g., ) into the parameter to execute arbitrary system commands with the privileges of the web server (typically or ).WriterHandle.getHis()sessionPathWriterHandle.getCmd()ShellExecutor.service().exe();sessionPathroottomcat |
|---|
| ソース | ⚠️ https://github.com/master-abc/cve/issues/11 |
|---|
| ユーザー | Liyu Zhu (UID 93722) |
|---|
| 送信 | 2025年12月30日 17:31 (6 月 ago) |
|---|
| モデレーション | 2026年01月09日 18:12 (10 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 340345 [Sangfor Operation and Maintenance Management System 迄 3.0.8 HTTP POST Request getHis sessionPath 特権昇格] |
|---|
| ポイント | 20 |
|---|