CVE-2026-4585 | Tiandy Easy7 Integrated Management Platform up to 7.17.0 Configuration ImportSystemConfiguration.jsp File os command injection

A vulnerability classified as critical has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection.

This vulnerability is documented as CVE-2026-4585. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4585 | Tiandy Easy7 Integrated Management Platform up to 7.17.0 Configuration ImportSystemConfiguration.jsp File os command injection

Post correlati

CVE-2024-31228 | Redis up to 7.2.5 Pattern Matching src/util.c denial of service

CVE-2024-22905 | ARM Mbed OS 6.17.0 hciTrSerialRxIncoming buffer overflow

CVE-2024-49618 | Jordan Lyall MyTweetLinks Plugin up to 1.1.1 on WordPress sql injection

CVE-2024-1264 | Juanpao JPShop up to 1.5.02 UploadsController.php actionUpdate imgage unrestricted upload