CNNVD-202601-1588 Information
CNNVD ID
CNNVD-202601-1588
Related CVE
- CNNVD Published: 2026-01-09
Description (Chinese)
Sangfor Operation and Maintenance Management System是中国深信服(Sangfor)公司的一款运维管理系统。 Sangfor Operation and Maintenance Management System 3.0.8及之前版本存在操作系统命令注入漏洞,该漏洞源于对组件HTTP POST Request Handler中文件/isomp-protocol/protocol/getHis参数sessionPath的错误操作,可能导致os命令注入。
Description (English)
The Sangfor Operation and Community Management System is a transport management system that China is convinced of. There is a gap in operating system command 3.0.8 and previous versions, which stems from an error in the document/isomp-protocol/protocol/getHis parametersessionPath of component HTTP POST Review Handler, which may result in the injection of an Os command.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
深信服
Published
2026-01-09
Last Modified
2026-02-24
References
https://github.com/master-abc/cve/issues/11 https://github.com/master-abc/cve/issues/11#issue-3770602189 https://vuldb.com/?ctiid.340345 https://vuldb.com/?id.340345 https://vuldb.com/?submit.727208