PT-2026-4682 · Sangfor · Sangfor Operation/Maintenance Management System

Hhsw34

Publicado

2026-01-12

Atualizado

2026-01-31

CVE-2026-1412

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Security Management System versions up to 3.0.12

Description A flaw exists in Sangfor Operation and Maintenance Security Management System. The issue is due to command injection within the HTTP POST Request Handler component, specifically related to the /fort/audit/get clip img file. Manipulation of the frame/dirno argument can lead to remote code execution. The exploit details have been publicly disclosed.

Recommendations Versions prior to 3.0.12 should be updated.

Exploit

Correção

Command Injection

OS Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-78CWE-74

Identificadores relacionados

BDU:2026-00826

CVE-2026-1412

Produtos afetados

Sangfor Operation/Maintenance Management System

PT-2026-4682 · Sangfor · Sangfor Operation/Maintenance Management System

CVE-2026-1412

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11