Tiandy Easy7 Integrated Management Platform SQL Injection Vulnerability in Endpoint getDevDetailedInfo
Vulnerability
A critical SQL injection vulnerability exists in Tiandy Easy7 Integrated Management Platform version 7.17.0. The flaw is in the REST endpoint /rest/devStatus/getDevDetailedInfo, which uses the ID parameter of the request in a database query without validating or sanitizing it. A remote attacker who can reach the endpoint, with no authentication required, can supply a crafted ID value that alters the query's logic and causes the backend database to execute attacker-controlled SQL. This can be used to enumerate the database structure and read sensitive data, compromising the confidentiality and integrity of the system.
Impact
Exploitation allows arbitrary SQL execution against the platform's backend database, including extraction of the database structure and of sensitive stored data, and can lead to complete compromise of the system's confidentiality and integrity. Because the endpoint is reachable without credentials, any host that can reach the platform's web interface is in a position to exploit it.
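The following is an added example, not code from Tiandy or from this advisory, that illustrates the class of flaw described above on a constructed in-memory SQLite database. The table name dev_info, its columns, the two handler functions and the payload strings are all assumptions for the illustration; the advisory does not state how Easy7 builds its query, and the payloads are demonstrated only against this constructed schema, not against the product. The vulnerable handler splices the ID value into the SQL text, so a tautology returns every row and a UNION against the schema table reveals the database structure; the hardened handler validates the type and binds the value as a parameter, so the same inputs are rejected before any SQL runs.

```python
import re
import sqlite3

# Constructed sample schema and rows standing in for a device inventory.
# This is NOT the Easy7 schema; table and column names are assumptions.
SAMPLE_SCHEMA = """
CREATE TABLE dev_info (
    id INTEGER PRIMARY KEY,
    dev_name TEXT NOT NULL,
    ip_addr TEXT NOT NULL,
    admin_pwd TEXT NOT NULL
);
INSERT INTO dev_info VALUES (1, 'cam-lobby',  '10.0.0.11', 'S3cret-1');
INSERT INTO dev_info VALUES (2, 'cam-garage', '10.0.0.12', 'S3cret-2');
INSERT INTO dev_info VALUES (3, 'nvr-core',   '10.0.0.20', 'S3cret-3');
"""


def open_sample_db():
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SCHEMA)
    return conn


def get_dev_detailed_info_vulnerable(conn, dev_id):
    """Vulnerable pattern (hypothetical handler): the request parameter is
    concatenated into the SQL text, so its content becomes SQL syntax."""
    sql = "SELECT id, dev_name, ip_addr FROM dev_info WHERE id = " + str(dev_id)
    return conn.execute(sql).fetchall()


def get_dev_detailed_info_safe(conn, dev_id):
    """Hardened pattern (hypothetical handler): reject anything that is not a
    plain decimal integer, then bind the value as a query parameter so the
    database never interprets it as part of the statement."""
    if not re.fullmatch(r"[0-9]{1,10}", str(dev_id)):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT id, dev_name, ip_addr FROM dev_info WHERE id = ?"
    return conn.execute(sql, (int(dev_id),)).fetchall()


def demo():
    """Run benign and hostile ID values through both handlers and return the results."""
    conn = open_sample_db()

    # Benign request: both handlers return the single matching row.
    benign = "2"
    normal_vuln = get_dev_detailed_info_vulnerable(conn, benign)
    normal_safe = get_dev_detailed_info_safe(conn, benign)

    # Tautology payload: the vulnerable handler returns every device.
    tautology = "1 OR 1=1"
    dumped = get_dev_detailed_info_vulnerable(conn, tautology)

    # UNION payload with a matching column count: pulls the CREATE statements
    # out of sqlite_master, i.e. the database structure, including the
    # admin_pwd column the handler never meant to expose.
    schema_probe = "0 UNION SELECT 1, name, sql FROM sqlite_master"
    schema = get_dev_detailed_info_vulnerable(conn, schema_probe)

    # The same payloads never reach the database through the hardened handler.
    rejected = []
    for payload in (tautology, schema_probe):
        try:
            get_dev_detailed_info_safe(conn, payload)
        except ValueError:
            rejected.append(payload)

    return {
        "normal_vuln": normal_vuln,
        "normal_safe": normal_safe,
        "dumped": dumped,
        "schema": schema,
        "rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The validation step matters even with parameter binding: binding alone stops the injection, but rejecting non-numeric input up front also keeps type-confusion and error-message leakage out of the response, which is what a remote, unauthenticated attacker would otherwise probe for.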
