| Título | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 OS Command Injection |
|---|
| Descrição | A critical Remote Command Execution (RCE) vulnerability exists in the Sangfor Operation and Maintenance Management System (OSM) version 3.0.8. The vulnerability is located in the endpoint. The application fails to properly sanitize the parameter in an HTTP POST request./isomp-protocol/protocol/getHissessionPath
Specifically, the method retrieves the user-supplied and passes it to , which directly concatenates the parameter into a shell command string without sufficient validation or escaping. This string is then executed by . An unauthenticated remote attacker can exploit this vulnerability by injecting shell metacharacters (e.g., ) into the parameter to execute arbitrary system commands with the privileges of the web server (typically or ).WriterHandle.getHis()sessionPathWriterHandle.getCmd()ShellExecutor.service().exe();sessionPathroottomcat |
|---|
| Fonte | ⚠️ https://github.com/master-abc/cve/issues/11 |
|---|
| Utilizador | Liyu Zhu (UID 93722) |
|---|
| Submissão | 30/12/2025 17h31 (há 6 meses) |
|---|
| Moderação | 09/01/2026 18h12 (10 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 340345 [Sangfor Operation and Maintenance Management System até 3.0.8 HTTP POST Request getHis sessionPath Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|