CVE-2026-3818

HIGH

Tiandy Easy7 CMS 7.17.0 - SQL Injection

Title source: llm

Description

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Various Sources] https://my.feishu.cn/docx/RvTMdXwUqowtxNxt9BFcD3TOn3f?from=from_copylink

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349784

[Permissions Required, VDB Entry] https://vuldb.com/?id.349784

[Permissions Required, VDB Entry] https://vuldb.com/?submit.769536

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89 CWE-74

Status draft

Timeline

Published Mar 09, 2026

Tracked Since Mar 09, 2026