PT-2026-43077 · Tiandy · Easy7 Integrated Management Platform
Bigbrother_Man
·
Published
2026-05-25
·
Updated
2026-05-25
·
CVE-2026-9465
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Exploit
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Easy7 Integrated Management Platform