PT-2026-25839 · Tiandy · Easy7 Integrated Management Platform
0Menc
+1
·
Published
2026-03-17
·
Updated
2026-03-17
·
CVE-2026-4289
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Tiandy Easy7 Integrated Management Platform versions prior to 7.17.1
Description
A security issue exists in Tiandy Easy7 Integrated Management Platform. The manipulation of the
ID argument in the /rest/preSetTemplate/getRecByTemplateId file can lead to SQL injection. This issue may be initiated remotely. The exploit for this issue has been publicly disclosed.Recommendations
Update Tiandy Easy7 Integrated Management Platform to version 7.17.1 or later.
Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Easy7 Integrated Management Platform