Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/27 3:20 a.m.9 views

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

9.8CVSS6.3AI score0.02801EPSS
Exploits0References1
CVE
CVE
added 2026/01/26 1:2 a.m.19 views

CVE-2026-1412

Sangfor Operation and Maintenance Security Management System (up to version 3.0.12) is affected by a command injection in the HTTP POST Request Handler, specifically the /fort/audit/get_clip_img function. Exploiting manipulation of the frame/dirno argument enables remote code execution, with the ...

9.8CVSS7.3AI score0.03946EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/01/09 10:15 p.m.13 views

CVE-2025-15500

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

10CVSS0.05593EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/09 9:32 p.m.24 views

CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

10CVSS0.05593EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.5 views

CVE-2023-7307

Sangfor Behavior Management System also referred to as DC Management System in Chinese-language documentation contains an XML external entity XXE injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...

8.7CVSS7.6AI score0.00482EPSS
Exploits0References1
Rows per page
Query Builder