Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 05 Jul 2026 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |
| Title | Hanwang e-Face General Management Platform querySysAuthStr.do sql injection | |
| First Time appeared |
Hanwang
Hanwang e-face General Management Platform |
|
| Weaknesses | CWE-74 CWE-89 |
|
| CPEs | cpe:2.3:a:hanwang:e-face_general_management_platform:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Hanwang
Hanwang e-face General Management Platform |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T10:00:36.457Z
Reserved: 2026-07-04T09:02:56.109Z
Link: CVE-2026-14737
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-05T12:30:05Z