Fujian Smart Integrated Management Platform System XAccessPermissionPlus.ashx sql injection

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-2820

Source VulDB

Published Feb 20, 2026 at 02:02

Affected Product

Vendor Fujian

Product Smart Integrated Management Platform System

Version 7.0

Affected Versions Fujian Smart Integrated Management Platform System 7.0
Fujian Smart Integrated Management Platform System 7.1
Fujian Smart Integrated Management Platform System 7.2
Fujian Smart Integrated Management Platform System 7.3
Fujian Smart Integrated Management Platform System 7.4
Fujian Smart Integrated Management Platform System 7.5

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-02-20T02:02:08.371Z",
    "modified": "2026-02-20T02:02:08.371Z",
    "type": "cve",
    "title": "Fujian Smart Integrated Management Platform System XAccessPermissionPlus.ashx sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346945\nhttps://vuldb.com/?ctiid.346945\nhttps://vuldb.com/?submit.753397\nhttps://github.com/luoye197-prog/cve-yinda-sql/blob/main/introduce\nhttps://github.com/luoye197-prog/cve-yinda-sql/blob/main/poc.py",
    "id": "CVE-2026-2820",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Fujian Smart Integrated Management Platform System 7.0\nFujian Smart Integrated Management Platform System 7.1\nFujian Smart Integrated Management Platform System 7.2\nFujian Smart Integrated Management Platform System 7.3\nFujian Smart Integrated Management Platform System 7.4\nFujian Smart Integrated Management Platform System 7.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Smart Integrated Management Platform System",
    "version": "7.0",
    "vendor": "Fujian",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Fujian Smart Integrated Management Platform System XAccessPermissionPlus.ashx sql injection_CVE-2026-2820