CVE-2026-2821

HIGH

Fujian Smart Platform <7.5 - SQL Injection

Title source: llm
STIX 2.1

Description

A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of the argument ChannelName causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

References (5)

Core 5
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.346946
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.346946
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.753405

Scores

CVSS v3 7.3
EPSS 0.0001
EPSS Percentile 3.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (6)
Fujian/Smart Integrated Management Platform System 7.0
Fujian/Smart Integrated Management Platform System 7.1
Fujian/Smart Integrated Management Platform System 7.2
Fujian/Smart Integrated Management Platform System 7.3
Fujian/Smart Integrated Management Platform System 7.4
Fujian/Smart Integrated Management Platform System 7.5
Published Feb 20, 2026
Tracked Since Feb 20, 2026