A command injection vulnerability exists in Sangfor Operation and Maintenance Security Management System up to version 3.0.12. The vulnerability allows a remote attacker to execute arbitrary commands by manipulating the fortEquipmentIp argument in the /equipment/get_Information endpoint. A public exploit is available, increasing the risk of exploitation.
A vulnerability was identified in Sangfor Operation and Maintenance Security Management System up to 3.0.12. It affects the function getInformation of the file /equipment/get_Information in the HTTP POST Request Handler component. Manipulating the argument fortEquipmentIp can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
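For detection, the following added example (not vendor code and not part of the original advisory) flags POST requests to /equipment/get_Information whose fortEquipmentIp value is anything other than a single IP literal. The record layout, the form-encoded or JSON body encoding, and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import parse_qs

ENDPOINT = "/equipment/get_Information"  # path named in the advisory
PARAM = "fortEquipmentIp"                # parameter named in the advisory

def extract_param(body: str):
    """Return every fortEquipmentIp value from a JSON or form-encoded body."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        return [str(doc[PARAM])] if PARAM in doc else []
    return parse_qs(body, keep_blank_values=True).get(PARAM, [])

def is_plain_ip(value: str) -> bool:
    """True only if the whole value is one IPv4/IPv6 literal without a zone ID."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    # IPv6 zone IDs ("fe80::1%eth0") may carry arbitrary characters, so reject them.
    return "%" not in value

def suspicious_requests(records):
    """Return (source, value) for POSTs to the endpoint whose value is not a bare IP."""
    hits = []
    for rec in records:
        if rec["method"] != "POST" or rec["path"].split("?")[0] != ENDPOINT:
            continue
        for value in extract_param(rec["body"]):
            if not is_plain_ip(value):
                hits.append((rec["src"], value))
    return hits

# Constructed sample records (assumed log shape, not real traffic).
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "path": ENDPOINT, "body": "fortEquipmentIp=10.0.0.5"},
    {"src": "198.51.100.7", "method": "POST", "path": ENDPOINT, "body": "fortEquipmentIp=10.0.0.5%3Bid"},
    {"src": "198.51.100.8", "method": "POST", "path": ENDPOINT, "body": '{"fortEquipmentIp": "10.0.0.5 | id"}'},
    {"src": "192.0.2.11", "method": "POST", "path": "/login", "body": "user=a"},
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE):
        print(f"ALERT {src} {PARAM}={value!r}")
```

The same strict allow-list check (one IP literal, nothing else) is what a fronting proxy or WAF rule would enforce on this parameter.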