CVE Catalog

CVE-2026-14737

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

A SQL injection vulnerability was found in Hanwang e-Face General Management Platform 6.3.5.4 in the file /sysAuthStr/querySysAuthStr.do. An attacker can remotely manipulate the order argument, leading to SQL injection. The exploit is publicly available.

Risk Assessment

The organization is at risk of remote database compromise, potentially leading to data leakage or unauthorized modification.

Recommendation

Immediately update the platform to the latest version or apply temporary mitigations such as input validation and parameterized queries.

Original NVD description (English source)

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS