| 제목 | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection |
|---|
| 설명 | A critical SQL injection vulnerability exists in the rest/devStatus/queryResources endpoint of the application due to insufficient sanitization of the areaId parameter. A remote, unauthenticated attacker can exploit this via Boolean-based blind injection to bypass security controls and execute arbitrary SQL commands. This flaw allows for the full extraction of sensitive database content, potential modification of data, and can lead to a complete compromise of confidentiality, integrity, and availability without any user interaction |
|---|
| 원천 | ⚠️ https://my.feishu.cn/docx/F68OduQq8oI2MdxmjHlch8u5n8f?from=from_copylink |
|---|
| 사용자 | 0menc (UID 75423) |
|---|
| 제출 | 2026. 03. 05. AM 02:50 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 16. PM 05:31 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 351292 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId SQL 주입] |
|---|
| 포인트들 | 20 |
|---|