| 제목 | Tiandy Technologies Co., Ltd. Eas7 Integrated Management Platform 7.17.0 SQL Injection |
|---|
| 설명 | A critical vulnerability was found in Eas7 Integrated Management Platform. It has been rated as critical. Affected by this issue is the component GetDBData.jsp. The manipulation of the argument strTBName with an optimized SQL payload leads to unauthenticated remote SQL injection. An attacker can exploit this to bypass all security controls, gaining full unauthorized access to the backend database. This allows for the extraction of sensitive administrative credentials and potentially grants the ability to modify or delete arbitrary data (Integrity Impact) and execute administrative functions, leading to a complete compromise of the system's confidentiality, integrity, and availability. |
|---|
| 원천 | ⚠️ https://my.feishu.cn/docx/RvTMdXwUqowtxNxt9BFcD3TOn3f?from=from_copylink |
|---|
| 사용자 | 0menc (UID 75423) |
|---|
| 제출 | 2026. 02. 28. AM 10:18 (1 월 ago) |
|---|
| 모더레이션 | 2026. 03. 08. PM 06:41 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 349784 [Tiandy Easy7 CMS Windows 7.17.0 GetDBData.jsp strTBName SQL 주입] |
|---|
| 포인트들 | 20 |
|---|