PT-2026-4836 · Hisense+1 · Hisense Transtech Smart Bus Management System+1

Jiefengliang

Publicado

2026-01-26

Atualizado

2026-01-27

CVE-2026-1449

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Hisense TransTech Smart Bus Management System versions prior to 20260114

Description A flaw exists in the Hisense TransTech Smart Bus Management System. A manipulation of the key argument within the Page Load function of the YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx file can lead to SQL injection. This issue is potentially exploitable remotely. The exploit has been published.

Recommendations Versions prior to 20260114 should avoid using the key argument in the Page Load function of the YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx file.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-1449

Produtos afetados

Hisense Transtech Smart Bus Management System

Yzsoft Forms

PT-2026-4836 · Hisense+1 · Hisense Transtech Smart Bus Management System+1

CVE-2026-1449

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8