PT-2026-4836 · Hisense+1 · Hisense Transtech Smart Bus Management System+1
Jiefengliang
·
Published
2026-01-26
·
Updated
2026-01-27
·
CVE-2026-1449
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Hisense TransTech Smart Bus Management System versions prior to 20260114
Description
A flaw exists in the Hisense TransTech Smart Bus Management System. A manipulation of the
key argument within the Page Load function of the YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx file can lead to SQL injection. This issue is potentially exploitable remotely. The exploit has been published.Recommendations
Versions prior to 20260114 should avoid using the
key argument in the Page Load function of the YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx file.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hisense Transtech Smart Bus Management System
Yzsoft Forms