CVE-2026-2820

CVSS v2.0

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Fujian Smart Integrated Management Platform System versions up to 7.5

Description A security flaw exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue involves improper processing of files, specifically

/Module/CRXT/Controller/XAccessPermissionPlus.ashx

. Manipulation of the

DeviceIDS

argument can lead to a SQL injection attack, potentially allowing remote exploitation. The exploit for this issue has been publicly released.

Recommendations Versions prior to 7.5 should be updated.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-2820

Affected Products

Smart Integrated Management Platform System

CVE-2026-2820

Weakness Enumeration

Related Identifiers

Affected Products

References · 7