| शीर्षक | Tiandy Technologies Co., Ltd Easy7 Integrated Management Platform 7.17.0 SQL Injection |
|---|
| विवरण | A critical vulnerability has been identified in the Easy7 Integrated Management Platform. This issue affects the GetDBDataEx.jsp component. The manipulation of the strTBName argument with a sophisticated SQL payload leads to an unauthenticated remote SQL injection.
The vulnerability allows a remote attacker to bypass all authentication mechanisms and gain full, unauthorized access to the backend database. By exploiting this flaw, an attacker can extract sensitive information (such as administrative credentials), modify or delete arbitrary data, and potentially achieve complete control over the system's Confidentiality, Integrity, and Availability (CIA). |
|---|
| स्रोत | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/MOEfw7m4xiwxifkGWwDcNzEPnD0?from=from_copylink |
|---|
| उपयोगकर्ता | bigbrother_man (UID 96003) |
|---|
| सबमिशन | 27/04/2026 09:25 AM (1 महीना पहले) |
|---|
| संयम | 24/05/2026 10:55 AM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365446 [Tiandy Easy7 Integrated Management Platform 7.17.0 GetDBDataEx.jsp strTBName SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|