PT-2026-25839 · Tiandy · Easy7 Integrated Management Platform

0Menc

Publicado

2026-03-17

Atualizado

2026-03-17

CVE-2026-4289

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Tiandy Easy7 Integrated Management Platform versions prior to 7.17.1

Description A security issue exists in Tiandy Easy7 Integrated Management Platform. The manipulation of the ID argument in the /rest/preSetTemplate/getRecByTemplateId file can lead to SQL injection. This issue may be initiated remotely. The exploit for this issue has been publicly disclosed.

Recommendations Update Tiandy Easy7 Integrated Management Platform to version 7.17.1 or later.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-4289

Produtos afetados

Easy7 Integrated Management Platform

PT-2026-25839 · Tiandy · Easy7 Integrated Management Platform

CVE-2026-4289

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12