PT-2026-55785 · Hanwang · E-Face General Management Platform
Bigbrother_Man
·
Publicado
2026-07-05
·
Atualizado
2026-07-05
·
CVE-2026-14737
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Exploit
Correção
Special Elements Injection
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
E-Face General Management Platform