| Title | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection |
|---|---|
| Description | A critical SQL injection vulnerability was identified in the rest/devStatus/getDevDetailedInfo endpoint of Tiandy Easy7 Integrated Management Platform. Due to a lack of input validation on the id parameter, a remote, unauthenticated attacker can execute arbitrary SQL queries. Using automated tools like SQLMap, it is possible to successfully extract the entire database structure and sensitive data (DBS), leading to a complete compromise of system confidentiality and integrity. |
| Source | ⚠️ https://my.feishu.cn/docx/LgjudozCFo9rVTx57hJcDyk0nXd?from=from_copylink |
| User | 0menc (UID 75423) |
| Submission | 2026-03-05 03:17 (2 months ago) |
| Moderation | 2026-03-16 17:31 (12 days later) |
| Status | Accepted |
| VulDB Entry | 351293 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint getDevDetailedInfo ID SQL injection] |
| Points | 20 |