CVE-2025-15503 PoC — Sangfor Operation and Maintenance Management System 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-15503.yaml

Associated Vulnerability

Title:Sangfor Operation and Maintenance Management System 代码问题漏洞 (CVE-2025-15503)
Description:Sangfor Operation and Maintenance Management System是中国深信服（Sangfor）公司的一款运维管理系统。 Sangfor Operation and Maintenance Management System 3.0.8及之前版本存在代码问题漏洞，该漏洞源于对文件/fort/trust/version/common/common.jsp中参数File的错误操作，可能导致任意文件上传。

Description

Sangfor Operation and Maintenance Management System <= 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the \"File\" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges.

File Snapshot


 id: CVE-2025-15503

info:
  name: Sangfor OSM - Arbitrary File Upload
  author: Ark
  severity: crit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.