A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file …

A security vulnerability has been identified in Sangfor Operation and Maintenance Management System up to version 3.0.8. The flaw affects an unknown function in the file /fort/trust/version/common/common.jsp, where manipulation of the File argument leads to unrestricted file upload capabilities. This vulnerability can be exploited remotely and a public exploit has been released. The vendor was notified about the disclosure but did not provide any response. The vulnerability poses significant risk due to its remote exploitability and public availability of exploit code.