CVE-2026-4289

HIGH

Tiandy Easy7 Integrated Management Platform getRecByTemplateId sql injection

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-351294 | Tiandy Easy7 Integrated Management Platform getRecByTemplateId sql injection
https://vuldb.com/?id.351294
Signature, Permissions Required signature permissions-required
VDB-351294 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.351294
Third Party Advisory third-party-advisory
Submit #771997 | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 SQL Injection
https://vuldb.com/?submit.771997

Scores

CVSS v3 7.3
EPSS 0.0025
EPSS Percentile 16.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (18)
Tiandy/Easy7 Integrated Management Platform 7.0
Tiandy/Easy7 Integrated Management Platform 7.1
Tiandy/Easy7 Integrated Management Platform 7.10
Tiandy/Easy7 Integrated Management Platform 7.11
Tiandy/Easy7 Integrated Management Platform 7.12
Tiandy/Easy7 Integrated Management Platform 7.13
Tiandy/Easy7 Integrated Management Platform 7.14
Tiandy/Easy7 Integrated Management Platform 7.15
Tiandy/Easy7 Integrated Management Platform 7.16
Tiandy/Easy7 Integrated Management Platform 7.17.0
... and 8 more
Published Mar 17, 2026
Tracked Since Mar 17, 2026