| Field | Value |
|---|---|
| Title | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 OS Command Injection |
| Description | A critical Remote Command Execution (RCE) vulnerability exists in the Sangfor Operation and Maintenance Management System (OSM) version 3.0.8. The vulnerability is located in the /isomp-protocol/protocol/getCmd endpoint. The application fails to properly sanitize the sessionPath parameter in an HTTP POST request. Specifically, the WriterHandle.getCmd() method retrieves the user-supplied sessionPath and concatenates it directly into a shell command string without sufficient validation or escaping. This string is then executed by ShellExecutor.service().exe(). An unauthenticated remote attacker can exploit this vulnerability by injecting shell metacharacters (e.g., ;) into the sessionPath parameter to execute arbitrary system commands with the privileges of the web server (typically root or tomcat). |
| Source | ⚠️ https://github.com/master-abc/cve/issues/12 |
| User | nestor233 (UID 94006) |
| Submitted | 2025-12-30 05:40 PM (2 months ago) |
| Moderation | 2026-01-09 06:12 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 340346 [Sangfor Operation and Maintenance Management System up to 3.0.8 getCmd WriterHandle.getCmd sessionPath privilege escalation] |
| Points | 20 |