CVE Catalog

CVE-2026-9465

High
Published: Translated: NVD NIST

Summary

A vulnerability was found in Tiandy Easy7 Integrated Management Platform version 7.17.0, allowing SQL injection via manipulation of the strTBName argument in the /Easy7/apps/WebService/GetDBDataEx.jsp file.

Risk Assessment

Remote exploitation of this vulnerability could lead to unauthorized access to the database, posing a serious threat to the organization's data security.

Recommendation

It is recommended to immediately update the platform to the latest version and monitor systems for potential exploitation attempts.

Original NVD description (English source)

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS