| Title | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 OS Command Injection |
|---|
| Description | A critical Remote Command Execution (RCE) vulnerability exists in the ImportSystemConfiguration.jsp endpoint. The application fails to properly sanitize or validate the uploaded configuration files. An unauthenticated remote attacker can upload a specially crafted .bin file containing malicious OS commands, which are subsequently executed via the sh shell through command injection. Successful exploitation allows the attacker to execute arbitrary commands with administrative privileges (e.g., root), leading to a full system compromise. |
|---|
| Source | ⚠️ https://my.feishu.cn/docx/WkHjd3oajoIw5exHk9ecUHaFnKd?from=from_copylink |
|---|
| User | Anonymous User |
|---|
| Submission | 03/09/2026 03:12 (1 month ago) |
|---|
| Moderation | 03/22/2026 10:27 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 352422 [Tiandy Easy7 Integrated Management Platform up to 7.17.0 Configuration ImportSystemConfiguration.jsp File os command injection] |
|---|
| Points | 20 |
|---|