top of page
perceptive_background_267k.jpg

A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusC…

Published:

26 January 2026 at 23:00:00

Alert date:

27 January 2026 at 01:01:26

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Mobile & IoT

A SQL injection vulnerability (CVE-2026-1449) has been discovered in Hisense TransTech Smart Bus Management System up to version 20260113. The flaw affects the Page_Load function in the TireMng.aspx file, where manipulation of the 'key' argument leads to SQL injection. The vulnerability can be exploited remotely, and a public exploit is available. The vendor was contacted but did not respond to the disclosure.

Technical details

Mitigation steps:

Affected products:

Hisense TransTech Smart Bus Management System

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-1449
https://github.com/master-abc/cve/issues/15
https://vuldb.com/?ctiid.342881
https://vuldb.com/?id.342881
https://vuldb.com/?submit.737032

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page