PT-2026-20547 · Tsinghua Unigroup · Electronic Archives System

Lanmeik

Publicado

2026-02-18

Atualizado

2026-03-03

CVE-2026-2682

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tsinghua Unigroup Electronic Archives System versions through 3.2.210802(62532)

Description A flaw exists in Tsinghua Unigroup Electronic Archives System that allows for remote code execution. The issue is due to SQL injection within the /mine/PublicReport/prinReport.html file. Specifically, manipulating the comid parameter can lead to exploitation. The exploit has been publicly disclosed.

Recommendations Versions prior to 3.2.210802(62532) should be updated.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2026-2682

Produtos afetados

Electronic Archives System

PT-2026-20547 · Tsinghua Unigroup · Electronic Archives System

CVE-2026-2682

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10