CVE-2026-1449
HIGHHisense TransTech Smart Bus Management System <20260113 - SQL Injec...
Title source: llmDescription
A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.342881
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.342881
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.737032
Issue Tracking exploit
issue-tracking
https://github.com/master-abc/cve/issues/15
Scores
CVSS v3
7.3
EPSS
0.0035
EPSS Percentile
26.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
Hisense TransTech/Smart Bus Management System
20260113
Published
Jan 27, 2026
Tracked Since
Feb 18, 2026