| 标题 | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection |
|---|
| 描述 | A critical SQL injection vulnerability exists in the rest/devStatus/queryResources endpoint of the application due to insufficient sanitization of the areaId parameter. A remote, unauthenticated attacker can exploit this via Boolean-based blind injection to bypass security controls and execute arbitrary SQL commands. This flaw allows for the full extraction of sensitive database content, potential modification of data, and can lead to a complete compromise of confidentiality, integrity, and availability without any user interaction |
|---|
| 来源 | ⚠️ https://my.feishu.cn/docx/F68OduQq8oI2MdxmjHlch8u5n8f?from=from_copylink |
|---|
| 用户 | 0menc (UID 75423) |
|---|
| 提交 | 2026-03-05 02時50分 (3 月前) |
|---|
| 管理 | 2026-03-16 17時31分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 351292 [Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId SQL注入] |
|---|
| 积分 | 20 |
|---|