CVE-2026-3797 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLS_REST_File.java uploadFile fileName unrestricted upload

Inserito da Angelo Barbosa | Mar 8, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload.

This vulnerability is listed as CVE-2026-3797. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3797 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLS_REST_File.java uploadFile fileName unrestricted upload

Post correlati

CVE-2025-40722 | Flatboard Pro up to 3.2.1 /config.php/tags replace cross site scripting

CVE-2025-4030 | PHPGurukul COVID19 Testing Management System 1.0 search-report-result.php serachdata sql injection

CVE-2024-0680 | nimeshrmr WP Private Content Plus Plugin up to 3.6 on WordPress REST API protection mechanism

CVE-2024-7889 | Citrix Workspace App prior 2402 LTSR CU1/CR 2405 on Windows Local Privilege Escalation (CTX691485)