PT-2026-20991 · Unknown · Smart Integrated Management Platform System
Lanmeik
·
Published
2026-02-20
·
Updated
2026-02-25
·
CVE-2026-2820
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Fujian Smart Integrated Management Platform System versions up to 7.5
Description
A security flaw exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue involves improper processing of files, specifically
/Module/CRXT/Controller/XAccessPermissionPlus.ashx. Manipulation of the DeviceIDS argument can lead to a SQL injection attack, potentially allowing remote exploitation. The exploit for this issue has been publicly released.Recommendations
Versions prior to 7.5 should be updated.
Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Smart Integrated Management Platform System