PT-2026-27111 · Tiandy · Easy7 Integrated Management Platform
Red88-Debug +1 · Published 2026-03-23 · Updated 2026-03-23
CVE-2026-4585
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Tiandy Easy7 Integrated Management Platform versions up to 7.17.0
Description
A flaw exists in the Configuration Handler component of Tiandy Easy7 Integrated Management Platform. Specifically, the issue resides in the /Easy7/apps/WebService/ImportSystemConfiguration.jsp file. Manipulation of the File argument can result in operating system command injection. This allows for remote attacks. The exploit for this issue has been publicly disclosed.
Recommendations
Versions prior to 7.17.0 should be used.
Exploit
Fix
Command Injection
OS Command Injection
Related Identifiers
Affected Products
Easy7 Integrated Management Platform