CNNVD-202601-1730 Information

CNNVD ID

CNNVD-202601-1730

Related CVE

CVE-2025-15502

• CNNVD Published: 2026-01-10

Description (Chinese)

Sangfor Operation and Maintenance Management System是中国深信服（Sangfor）公司的一款运维管理系统。 Sangfor Operation and Maintenance Management System 3.0.8及之前版本存在操作系统命令注入漏洞，该漏洞源于对文件/isomp-protocol/protocol/session中参数Hostname的错误操作，可能导致os命令注入。

Description (English)

The Sangfor Operation and Community Management System is a transport management system that China is convinced of. SangforOperation and Management System 3.0.8 and previous versions contain a loophole in the operating system command, which results from an error in the hostname of the parameter in the file/somp-protocol/protocol/session, which may lead to an injection of the Os command.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

深信服

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/master-abc/cve/issues/14 https://github.com/master-abc/cve/issues/14#issue-3770634476 https://vuldb.com/?ctiid.340347 https://vuldb.com/?id.340347 https://vuldb.com/?submit.727217

Patch

https://www.sangfor.com/