Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-15503 PoC — Sangfor Operation and Maintenance Management System common.jsp unrestricted upload

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-15503.yaml
Associated Vulnerability
Title:Sangfor Operation and Maintenance Management System common.jsp unrestricted upload (CVE-2025-15503)
Description:A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Description
Sangfor Operation and Maintenance Management System <= 3.0.8 contains an unrestricted file upload vulnerability caused by manipulation of the \"File\" argument in /fort/trust/version/common/common.jsp, letting remote attackers upload arbitrary files, exploit requires no special privileges.
File Snapshot

 id: CVE-2025-15503

info:
  name: Sangfor OSM - Arbitrary File Upload
  author: Ark
  severity: crit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →