PT-2026-4682 · Sangfor · Sangfor Operation/Maintenance Management System

Hhsw34 · Published 2026-01-12 · Updated 2026-01-31 · CVE-2026-1412

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sangfor Operation and Maintenance Security Management System versions up to 3.0.12

Description

A flaw exists in Sangfor Operation and Maintenance Security Management System. The issue is due to command injection within the HTTP POST Request Handler component, specifically related to the /fort/audit/get clip img file. Manipulation of the frame/dirno argument can lead to remote code execution. The exploit details have been publicly disclosed.

Recommendations

Versions prior to 3.0.12 should be updated.

Exploit

Fix

Command Injection

OS Command Injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00826
CVE-2026-1412

Affected Products

Sangfor Operation/Maintenance Management System