إرسال #775457: Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 OS Command Injectionالمعلومات

عنوان	Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 OS Command Injection
الوصف	A critical Remote Command Execution (RCE) vulnerability exists in the ImportSystemConfiguration.jsp endpoint. The application fails to properly sanitize or validate the uploaded configuration files. An unauthenticated remote attacker can upload a specially crafted .bin file containing malicious OS commands, which are subsequently executed via the sh shell through command injection. Successful exploitation allows the attacker to execute arbitrary commands with administrative privileges (e.g., root), leading to a full system compromise.
المصدر	⚠️ https://my.feishu.cn/docx/WkHjd3oajoIw5exHk9ecUHaFnKd?from=from_copylink
المستخدم	Anonymous User
ارسال	09/03/2026 03:12 AM (2 أشهر منذ)
الاعتدال	22/03/2026 10:27 AM (13 days later)
الحالة	تمت الموافقة
إدخال VulDB	352422 [Tiandy Easy7 Integrated Management Platform حتى 7.17.0 Configuration ImportSystemConfiguration.jsp ملف تجاوز الصلاحيات]
النقاط	20

Do you need the next level of professionalism?

Upgrade your account now!