| Title | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 OS Command Injection |
|---|---|
| Description | A critical Remote Command Execution (RCE) vulnerability exists in the ImportSystemConfiguration.jsp endpoint. The application fails to properly sanitize or validate the uploaded configuration files. An unauthenticated remote attacker can upload a specially crafted .bin file containing malicious OS commands, which are subsequently executed via the sh shell through command injection. Successful exploitation allows the attacker to execute arbitrary commands with administrative privileges (e.g., root), leading to a full system compromise. |
| Source | ⚠️ https://my.feishu.cn/docx/WkHjd3oajoIw5exHk9ecUHaFnKd?from=from_copylink |
| User | Anonymous User |
| Submission | 2026. 03. 09. AM 03:12 (1 month ago) |
| Moderation | 2026. 03. 22. AM 10:27 (13 days later) |
| Status | Accepted |
| VulDB Entry | 352422 [Tiandy Easy7 Integrated Management Platform up to 7.17.0 Configuration ImportSystemConfiguration.jsp File privilege escalation] |
| Points | 20 |