| Title | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection |
|---|---|
| Description | A critical SQL injection vulnerability exists in the rest/devStatus/queryResources endpoint of the application due to insufficient sanitization of the areaId parameter. A remote, unauthenticated attacker can exploit this via Boolean-based blind injection to bypass security controls and execute arbitrary SQL commands. This flaw allows for the full extraction of sensitive database content, potential modification of data, and can lead to a complete compromise of confidentiality, integrity, and availability without any user interaction. |
| Source | ⚠️ https://my.feishu.cn/docx/F68OduQq8oI2MdxmjHlch8u5n8f?from=from_copylink |
| User | 0menc (UID 75423) |
| Submission | 2026-03-05 02:50 (1 month ago) |
| Moderation | 2026-03-16 17:31 (12 days later) |
| Status | Accepted |
| VulDB Entry | 351292 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId SQL Injection] |
| Points | 20 |