{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-9465", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-24T08:55:37.419Z", "datePublished": "2026-05-25T14:15:38.136Z", "dateUpdated": "2026-05-26T13:06:57.964Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-25T14:15:38.136Z" }, "title": "Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp sql injection", "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection" } ] }, { "descriptions": [ { "type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection" } ] } ], "affected": [ { "vendor": "Tiandy", "product": "Easy7 Integrated Management Platform", "versions": [ { "version": "7.17.0", "status": "affected" } ], "cpes": [ "cpe:2.3:a:tiandy:easy7_integrated_management_platform:*:*:*:*:*:*:*:*" ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way." } ], "metrics": [ { "cvssV4_0": { "version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM" } }, { "cvssV3_1": { "version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH" } }, { "cvssV3_0": { "version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH" } }, { "cvssV2_0": { "version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" } } ], "timeline": [ { "time": "2026-05-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed" }, { "time": "2026-05-24T02:00:00.000Z", "lang": "en", "value": "VulDB entry created" }, { "time": "2026-05-24T11:00:45.000Z", "lang": "en", "value": "VulDB entry last update" } ], "credits": [ { "lang": "en", "value": "bigbrother_man (VulDB User)", "type": "reporter" }, { "lang": "en", "value": "VulDB CNA Team", "type": "coordinator" } ], "references": [ { "url": "https://vuldb.com/vuln/365446", "name": "VDB-365446 | Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp sql injection", "tags": [ "vdb-entry", "technical-description" ] }, { "url": "https://vuldb.com/vuln/365446/cti", "name": "VDB-365446 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ] }, { "url": "https://vuldb.com/submit/813979", "name": "Submit #813979 | Tiandy Technologies Co., Ltd Easy7 Integrated Management Platform 7.17.0 SQL Injection", "tags": [ "third-party-advisory" ] }, { "url": "https://ucn9h68n9289.feishu.cn/wiki/MOEfw7m4xiwxifkGWwDcNzEPnD0?from=from_copylink", "tags": [ "exploit" ] } ] }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-05-26T13:06:51.982613Z", "id": "CVE-2026-9465", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T13:06:57.964Z" } } ] } }