CNNVD-202601-4429 Information

Jan 27, 2026 cve

CNNVD ID

CNNVD-202601-4429

CVE-2026-1449

CNNVD Published: 2026-01-27

Description (Chinese)

Hisense TransTech Smart Bus Management System是中国海信（Hisense）公司的一款智能公交管理系统。 Hisense TransTech Smart Bus Management System 20260113及之前版本存在SQL注入漏洞，该漏洞源于对文件YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx中函数Page_Load参数key的错误操作，可能导致SQL注入攻击。

Description (English)

Hisense TransTech Smart Bus Management System is an intelligent public transport management system of Hisese. Hisense Tech Smart Bus System 20260113 and previous versions had an injection loophole in SQL, which stemmed from an error in the function of Page Load argument key in document YZSoft/Forms/XForm/BM/BusComManage/TireMng.aspx, which could lead to an attack on SQL.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

海信

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/master-abc/cve/issues/15 https://vuldb.com/?ctiid.342881 https://vuldb.com/?id.342881 https://vuldb.com/?submit.737032

Share on: