Tajang

**Name of the Vulnerable Software and Affected Versions** Sangfor Operation and Maintenance Security Management System versions prior to 3.0.11 **Description** A command injection issue exists in the Sangfor Operation and Maintenance Security Management System. The issue is related to the manipulation of the `loginUrl` argument within the file /fort/portal login of the Frontend component. This can be exploited remotely. The exploit has been publicly disclosed. The vulnerable component is an unknown function. **Recommendations** Upgrade to version 3.0.11 or 3.0.12. Upgrade the affected component.