CVE-2026-14737

Summary

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Affected Software

VendorProductVersion RangeStatus
Hanwange-Face General Management Platform6.3.5.4affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

References