| Titel | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 OS Command Injection |
|---|
| Beschreibung | A critical Remote Command Execution (RCE) vulnerability exists in the ImportSystemConfiguration.jsp endpoint. The application fails to properly sanitize or validate the uploaded configuration files. An unauthenticated remote attacker can upload a specially crafted .bin file containing malicious OS commands, which are subsequently executed via the sh shell through command injection. Successful exploitation allows the attacker to execute arbitrary commands with administrative privileges (e.g., root), leading to a full system compromise. |
|---|
| Quelle | ⚠️ https://my.feishu.cn/docx/WkHjd3oajoIw5exHk9ecUHaFnKd?from=from_copylink |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 09.03.2026 03:12 (vor 2 Monaten) |
|---|
| Moderieren | 22.03.2026 10:27 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 352422 [Tiandy Easy7 Integrated Management Platform bis 7.17.0 Configuration ImportSystemConfiguration.jsp Datei erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|