CVE-2026-4288 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint getDevDetailedInfo ID sql injection

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0 and classified as critical. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection.

This vulnerability is tracked as CVE-2026-4288. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4288 | Tiandy Easy7 Integrated Management Platform 7.17.0 Endpoint getDevDetailedInfo ID sql injection

Post correlati

CVE-2024-12785 | itsourcecode Vehicle Management System 1.0 sendmail.php id sql injection

CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?msgid=1&operation=upload file unrestricted upload

CVE-2025-38527 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 smb cifs_oplock_break use after free

CVE-2025-5511 | quequnlong shiyi-blog up to 1.2.1 photos improper authorization