| Title | Tiandy Tiandy video surveillance system 7.17.0 Server-Side Request Forgery |
|---|
| Description | The downLoadImage interface in Tiandy video surveillance system is vulnerable to Server-Side Request Forgery (SSRF).Since the urlPath parameter is fully controlled by the user, the subsequent calls to openConnection() and getInputStream() result in an SSRF vulnerability. |
|---|
| Source | ⚠️ https://my.feishu.cn/wiki/C1TIwBoJziINWlkGt8ucnZJPnEb?from=from_copylink |
|---|
| User | Anonymous User |
|---|
| Submission | 02/11/2026 09:15 (2 months ago) |
|---|
| Moderation | 02/22/2026 17:48 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347368 [Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery] |
|---|
| Points | 18 |
|---|