| Titre | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection |
|---|
| Description | A critical SQL injection vulnerability exists in the rest/devStatus/queryResources endpoint of the application due to insufficient sanitization of the areaId parameter. A remote, unauthenticated attacker can exploit this via Boolean-based blind injection to bypass security controls and execute arbitrary SQL commands. This flaw allows for the full extraction of sensitive database content, potential modification of data, and can lead to a complete compromise of confidentiality, integrity, and availability without any user interaction |
|---|
| La source | ⚠️ https://my.feishu.cn/docx/F68OduQq8oI2MdxmjHlch8u5n8f?from=from_copylink |
|---|
| Utilisateur | 0menc (UID 75423) |
|---|
| Soumission | 05/03/2026 02:50 (il y a 3 mois) |
|---|
| Modérer | 16/03/2026 17:31 (12 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 351292 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId injection SQL] |
|---|
| Points | 20 |
|---|