CVE-2026-4287 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId sql injection

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection.

This vulnerability is identified as CVE-2026-4287. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4287 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint queryResources areaId sql injection

Post correlati

CVE-2024-2028 | Exclusive Addons for Elementor Plugin up to 2.6.9 on WordPress Covid-19 Stats Widget cross site scripting

CVE-2025-9401 | HuangDou UTCMS 9 Login login.php code comparison

CVE-2025-1823 | IBM Jazz Reporting Service up to 7.0.3iFix020/7.1iFix006 allocation of resources

CVE-2024-46943 | OpenDaylight Authentication, Authorization and Accounting up to 0.19.3 Peer