A vulnerability classified as critical has been found in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection.

This vulnerability is traded as CVE-2026-14737. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.