CVE-2026-3818 | Tiandy Easy7 CMS Windows 7.17.0 GetDBData.jsp strTBName sql injection

Inserito da Angelo Barbosa | Mar 8, 2026 | CVE

A vulnerability was found in Tiandy Easy7 CMS Windows 7.17.0. It has been rated as critical. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection.

This vulnerability appears as CVE-2026-3818. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3818 | Tiandy Easy7 CMS Windows 7.17.0 GetDBData.jsp strTBName sql injection

Post correlati

CVE-2024-47064 | cvat-ai cvat up to 2.18.x cross site scripting (GHSA-hp6c-f34j-qjj7)

CVE-2025-64256 | PressTigers Simple Folio Plugin up to 1.1.0 on WordPress cross-site request forgery

CVE-2024-24571 | WillyXJ facileManager up to 4.5.0 cross site scripting (GHSA-h7w3-xv88-2xqj)

CVE-2024-41695 | Cybonet PineApp Mail Relay prior 5.2.1 Revision 20jun24 Security Update path traversal