5 matches found
CVE-2026-1413
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...
CVE-2026-1412
Sangfor Operation and Maintenance Security Management System (up to version 3.0.12) is affected by a command injection in the HTTP POST Request Handler, specifically the /fort/audit/get_clip_img function. Exploiting manipulation of the frame/dirno argument enables remote code execution, with the ...
CVE-2025-15500
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...
CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...
CVE-2023-7307
Sangfor Behavior Management System also referred to as DC Management System in Chinese-language documentation contains an XML external entity XXE injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...