CVE-2026-2820
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Tags
Description
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Analysis
SQL injection in Fujitsu Smart Integrated Management Platform System version 7.5 and earlier allows unauthenticated remote attackers to execute arbitrary SQL queries via the DeviceIDS parameter in the XAccessPermissionPlus.ashx endpoint. Public exploit code exists for this vulnerability, enabling potential database compromise and unauthorized data access. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all instances of Fujitan Smart Integrated Management Platform System and identify those running version 7.5 or earlier; immediately isolate affected systems from production networks where possible. Within 7 days: Implement network segmentation to restrict access to affected systems, enable enhanced monitoring and logging, and contact Fujitan for patch availability and timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today