A command injection vulnerability exists in Sangfor Operation and Maintenance Security Management System up to version 3.0.12. An attacker can remotely exploit this vulnerability by manipulating the `frame/dirno` argument in the `/fort/audit/get_clip_img` file via an HTTP POST request, potentially leading to arbitrary command execution.
A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the component HTTP POST Request Handler. Such manipulation of the argument frame/dirno leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.