Sangfor Operation and Maintenance Security Management System Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Sangfor Operation and Maintenance Security Management System (version 3.0), in the Frontend component, specifically in the endpoint '/fort/portal_login'. The endpoint does not properly validate the 'loginUrl' argument before it reaches a command execution path, so a remote attacker can inject operating system commands through that field. The issue has been publicly disclosed and can be exploited remotely.

Impact

Successful exploitation allows arbitrary operating system commands to be executed on the server hosting the application, with the privileges of the process that serves the '/fort/portal_login' endpoint.

Reproduction

To reproduce this vulnerability, send a POST request to '/fort/portal_login' with the 'Content-Type' header set to 'application/json'. The JSON request body carries a 'loginUrl' field whose value embeds a system command. If the injection succeeds, the response echoes the output of the executed command, which makes the result directly observable (and also makes the request easy to recognise in traffic and logs: a POST to this path whose 'loginUrl' value is not a plain URL).
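The request shape described above is enough to build a detection rule and an input check. The following is an added example (not code from the advisory or from Sangfor): it classifies request records against the path, method and content type stated above, and applies an allowlist check to the 'loginUrl' value so that anything other than a plain http(s) URL with a simple host is flagged. The shell metacharacter list, the length limit, the record field names and the sample requests are assumptions constructed for illustration, not known working payloads.

```python
"""Detect and validate requests to the vulnerable /fort/portal_login endpoint.

Added example, not the advisory's or Sangfor's own code. The metacharacter
list, record layout and sample requests below are assumptions.
"""
import json
import re
from urllib.parse import urlsplit

TARGET_PATH = "/fort/portal_login"
VULNERABLE_FIELD = "loginUrl"

# Characters that have no place in a login/redirect URL but let an attacker
# chain or substitute commands if the value reaches a shell (assumed list).
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\]")
ALLOWED_SCHEMES = {"http", "https"}
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(:\d{1,5})?$")
MAX_LEN = 2048  # assumed sane upper bound for a URL field


def login_url_is_safe(value):
    """Allowlist check: True only for a plain http(s) URL with a simple host."""
    if not isinstance(value, str) or not value or len(value) > MAX_LEN:
        return False
    if SHELL_META.search(value) or any(ch.isspace() for ch in value):
        return False
    parts = urlsplit(value)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # Reject userinfo, IPv6 brackets, etc.; only host[:port] is allowed.
    if not parts.netloc or not HOST_RE.match(parts.netloc):
        return False
    return True


def classify_request(req):
    """Classify one request record as ignore / benign / malformed / suspicious.

    req is a dict with keys: method, path, content_type, body (raw string).
    """
    if req.get("method", "").upper() != "POST" or req.get("path") != TARGET_PATH:
        return "ignore"
    if "application/json" not in req.get("content_type", "").lower():
        return "ignore"
    try:
        payload = json.loads(req.get("body", ""))
    except (ValueError, TypeError):
        # Broken JSON to this endpoint is worth logging but is not the injection.
        return "malformed"
    if not isinstance(payload, dict) or VULNERABLE_FIELD not in payload:
        return "benign"
    return "benign" if login_url_is_safe(payload[VULNERABLE_FIELD]) else "suspicious"


def scan(requests):
    """Run classify_request over a {label: record} mapping."""
    return {label: classify_request(rec) for label, rec in requests.items()}


# Constructed sample traffic (not captured from a real system).
SAMPLE_REQUESTS = {
    "normal_login": {
        "method": "POST", "path": TARGET_PATH, "content_type": "application/json",
        "body": '{"loginUrl": "https://portal.example.com/login"}',
    },
    "chained_command": {
        "method": "POST", "path": TARGET_PATH, "content_type": "application/json",
        "body": '{"loginUrl": "https://portal.example.com/;id"}',
    },
    "bad_scheme": {
        "method": "POST", "path": TARGET_PATH, "content_type": "application/json",
        "body": '{"loginUrl": "ftp://portal.example.com/"}',
    },
    "no_login_url": {
        "method": "POST", "path": TARGET_PATH, "content_type": "application/json",
        "body": '{"user": "alice"}',
    },
    "broken_json": {
        "method": "POST", "path": TARGET_PATH, "content_type": "application/json",
        "body": '{"loginUrl": ',
    },
    "unrelated_get": {
        "method": "GET", "path": "/fort/static/app.js", "content_type": "",
        "body": "",
    },
}

if __name__ == "__main__":
    for label, verdict in scan(SAMPLE_REQUESTS).items():
        print(f"{label:>16}: {verdict}")
```

The allowlist check is the shape of fix a developer would apply on the server side (validate 'loginUrl' as a URL before doing anything with it); the classifier is the shape of rule a defender would run over access logs or a WAF feed while the upgrade is pending. Tune the metacharacter list to the shell and platform actually in use.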

Remediation

Users are advised to upgrade to version 3.0.11 or 3.0.12, which address this vulnerability. Until the upgrade is applied, restrict network access to the management interface so that '/fort/portal_login' is reachable only from trusted administrative networks, and review access logs for POST requests to that path.

Added: Nov 9, 2025, 12:17 AM
Updated: Nov 9, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 7.7
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.