CVE-2026-4232: Tiandy Integrated Management Platform getAuthorityByUserId sql injection
A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2026-4232?
CVE-2026-4232 has been classified with a high severity due to its potential to enable SQL injection attacks.
How do I fix CVE-2026-4232?
To fix CVE-2026-4232, ensure that input validation is implemented for the userId parameter to prevent SQL injection.
What versions are affected by CVE-2026-4232?
CVE-2026-4232 affects version 7.17.0 of the Tiandy Integrated Management Platform.
What type of vulnerability is CVE-2026-4232?
CVE-2026-4232 is categorized as an SQL injection vulnerability.
Can CVE-2026-4232 lead to unauthorized access?
Yes, exploiting CVE-2026-4232 can potentially allow unauthorized access to sensitive data by executing arbitrary SQL commands.