SQL Injection Vulnerability in Tiandy Easy7 Integrated Management Platform
CVE-2026-4289
Key Information:
- Vendor
Tiandy
- Vendor
- CVE Published:
- 17 March 2026
Badges
What is CVE-2026-4289?
A SQL injection vulnerability exists in the Tiandy Easy7 Integrated Management Platform in versions up to 7.17.0, specifically within the /rest/preSetTemplate/getRecByTemplateId function. The vulnerability arises from improper validation of the ID argument, allowing attackers to manipulate SQL queries executed by the platform. This issue can be exploited remotely, posing a significant risk to data integrity and confidentiality. Despite early notification to Tiandy Technologies regarding this vulnerability, no response has been recorded, highlighting potential concerns for users relying on this platform for security management.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Easy7 Integrated Management Platform 7.0
Easy7 Integrated Management Platform 7.1
Easy7 Integrated Management Platform 7.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved