CVE-2026-4232

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Tiandy Integrated Management Platform version 7.17.0

Description A flaw exists in Tiandy Integrated Management Platform 7.17.0 that could allow for SQL injection. The issue is related to an unknown functionality within the file /rest/user/getAuthorityByUserId. Manipulation of the userId parameter may lead to a successful exploit. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. The vendor was informed of the issue but did not provide a response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2026-4232

Affected Products

Integrated Management Platform

CVE-2026-4232

Weakness Enumeration

Related Identifiers

Affected Products

References · 8