CVE-2026-4289 | Tiandy Easy7 Integrated Management Platform up to 7.17.0 getRecByTemplateId ID sql injection

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability was found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. It has been classified as critical. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection.

This vulnerability is listed as CVE-2026-4289. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4289 | Tiandy Easy7 Integrated Management Platform up to 7.17.0 getRecByTemplateId ID sql injection

Post correlati

CVE-2025-45984 | Blink BL-X26_DA3 sub_45B238 routepwd command injection

CVE-2024-26642 | Linux Kernel up to 6.7 Netfilter Privilege Escalation (16603605b667)

CVE-2025-3771 | Trellix System Information Reporter 1.0.3 link following

CVE-2025-5349 | Citrix NetScaler ADC/NetScaler Gateway up to 43.55/58.31 Management Interface improper validation of specified quantity in input (CTX693420)