Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Sciyon Koyuan Heat Network Management System 3.0 SQL Injection Risk
CVE-2026-2621
Summary
An unknown part of the system's web reporting feature is vulnerable to a security attack that could allow hackers to access sensitive data. This could happen if an attacker knows how to manipulate certain data sent to the system. Sciyon Koyuan has not yet fixed or acknowledged this issue, so users should take steps to protect themselves, such as blocking access to the affected feature or updating to a fixed version when available.
Original title
A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProx...
Original description
A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The manipulation of the argument PGUID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026