CVE-2026-9465
HighSummary
A vulnerability was found in Tiandy Easy7 Integrated Management Platform version 7.17.0, allowing SQL injection via manipulation of the strTBName argument in the /Easy7/apps/WebService/GetDBDataEx.jsp file.
Risk Assessment
Remote exploitation of this vulnerability could lead to unauthorized access to the database, posing a serious threat to the organization's data security.
Recommendation
It is recommended to immediately update the platform to the latest version and monitor systems for potential exploitation attempts.
Original NVD description (English source)
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

