PT-2026-20337 · Unknown · Huace Monitoring/Early Warning System

Red88-Debug

Publicado

2026-02-17

Atualizado

2026-03-16

CVE-2026-2620

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Huace Monitoring and Early Warning System version 2.2

Description A weakness exists in Huace Monitoring and Early Warning System 2.2, specifically within an unknown functionality of the /Web/SysManage/ProjectRole.aspx file. Manipulating the ID argument can lead to a SQL injection. The attack can be launched remotely, and an exploit has been publicly released. The vendor was contacted regarding this issue but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-2620

Produtos afetados

Huace Monitoring/Early Warning System

PT-2026-20337 · Unknown · Huace Monitoring/Early Warning System

CVE-2026-2620

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10