CVE-2026-1412

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

CVE-2026-1414 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

CVE-2026-1414 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_Information getInformation command injection

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...

CVE-2026-1413

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...

CVE-2026-1413

Sangfor Operation and Maintenance Security Management System up to 3.0.12 contains a command injection in the HTTP POST Request Handler’s portValidate function, located in /fort/ip_and_port/port_validate. An attacker can remotely manipulate the port argument to execute arbitrary commands. Multipl...

CVE-2026-1412 Sangfor Operation and Maintenance Security Management System HTTP POST Request get_clip_img command injection

A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/getclipimg of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command...

Sangfor Operation and Maintenance Security Management System Command Injection Vulnerability

The Sangfor Operation and Maintenance Security Management System is a security management system developed by Sangfor Corporation in China. Versions of the Sangfor Operation and Maintenance Security Management System 3.0.12 and earlier had a command injection vulnerability. This vulnerability...

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVE-2026-1325

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVE-2026-1325 Sangfor Operation and Maintenance Security Management System edit_pwd_mall password recovery

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

CVE-2026-1325

CVE-2026-1325 concerns Sangfor Operation and Maintenance Security Management System up to version 3.0.12, where the edit_pwd_mall function in /fort/login/edit_pwd_mall is vulnerable. The vulnerability involves manipulation of the flag argument, enabling weak password recovery and enabling remote ...

CVE-2026-1324

Summary: CVE-2026-1324 affects Sangfor Operation and Maintenance Management System (

Sangfor Operation and Maintenance Security Management System Authorization Issues Vulnerabilities

The Sangfor Operation and Maintenance Security Management System is a security management system for operations and maintenance developed by Sangfor Corporation. Versions of the Sangfor Operation and Maintenance Security Management System 3.0.12 and earlier contained an authorization issue...

Sangfor Operation and Maintenance Management System: Operating System Command Injection Vulnerability

Sangfor Operation and Maintenance Management System is an operation and maintenance management system developed by Sangfor Corporation in China. Versions of Sangfor Operation and Maintenance Management System 3.0.12 and earlier had a vulnerability related to operating system command injection. Th...

CVE-2025-15503

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is...

PT-2026-4682

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Security Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Security Management System. The issue is due to command injection within the HTTP POST Request...

CVE-2025-15503

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is...

CVE-2025-15503 Sangfor Operation and Maintenance Management System common.jsp unrestricted upload

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is...