| Title | Tiandy Technologies Co., Ltd. Eas7 Integrated Management Platform 7.17.0 SQL Injection |
|---|
| Description | A critical vulnerability was found in Eas7 Integrated Management Platform. It has been rated as critical. Affected by this issue is the component GetDBData.jsp. The manipulation of the argument strTBName with an optimized SQL payload leads to unauthenticated remote SQL injection. An attacker can exploit this to bypass all security controls, gaining full unauthorized access to the backend database. This allows for the extraction of sensitive administrative credentials and potentially grants the ability to modify or delete arbitrary data (Integrity Impact) and execute administrative functions, leading to a complete compromise of the system's confidentiality, integrity, and availability. |
|---|
| Source | ⚠️ https://my.feishu.cn/docx/RvTMdXwUqowtxNxt9BFcD3TOn3f?from=from_copylink |
|---|
| User | 0menc (UID 75423) |
|---|
| Submission | 02/28/2026 10:18 (1 month ago) |
|---|
| Moderation | 03/08/2026 18:41 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349784 [Tiandy Easy7 CMS Windows 7.17.0 GetDBData.jsp strTBName sql injection] |
|---|
| Points | 20 |
|---|