
    2 vulnerabilities by cayintech

    CVE-2020-7357 (GCVE-0-2020-7357)

    Vulnerability from cvelistv5 – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:12
    Title
    Cayin CMS Command Injection
    Summary
    Cayin CMS suffers from an authenticated, semi-blind OS command injection vulnerability that can be reached using default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter of the system.cgi page. This issue affects several branches and versions of the CMS application, including CMS-SE, CMS-60, CMS-40, CMS-20, and CMS versions 8.2, 8.0, and 7.5.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    Cayin Technology Cayin CMS-SE Affected: 11.0 Build 19179 , ≤ 11.0 Build 19179 (custom)
    Cayin Technology Cayin CMS-60 Affected: 11.0 Build 19025 , ≤ 11.0 Build 19025 (custom)
    Cayin Technology Cayin CMS-40 Affected: 9.0 Build 14917 , ≤ 9.0 Build 14917 (custom)
    Cayin Technology Cayin CMS-20 Affected: 9.0 Build 14917 , ≤ 9.0 Build 14917 (custom)
    Cayin Technology Cayin CMS Affected: 8.2 Build 12199
    Affected: 8.0 Build 11175
    Affected: 7.5 Build 11175
    Date Public
    2020-04-06 00:00
    Credits
    This issue was discovered by Gjoko Krstic of Zero Science Lab.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:49.104Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_IBM",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cayin CMS-SE",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "lessThanOrEqual": "11.0 Build 19179",
                  "status": "affected",
                  "version": "11.0 Build 19179",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Cayin CMS-60",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "lessThanOrEqual": "11.0 Build 19025",
                  "status": "affected",
                  "version": "11.0 Build 19025",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Cayin CMS-40",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "lessThanOrEqual": "9.0 Build 14917",
                  "status": "affected",
                  "version": "9.0 Build 14917",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Cayin CMS-20",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "lessThanOrEqual": "9.0 Build 14917",
                  "status": "affected",
                  "version": "9.0 Build 14917",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Cayin CMS",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.2 Build 12199"
                },
                {
                  "status": "affected",
                  "version": "8.0 Build 11175"
                },
                {
                  "status": "affected",
                  "version": "7.5 Build 11175"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
            }
          ],
          "datePublic": "2020-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the \u0027NTP_Server_IP\u0027 HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-06T15:45:28.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php"
            },
            {
              "tags": [
                "vendor-advisory",
                "x_refsource_IBM"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cayin CMS Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@rapid7.com",
              "DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
              "ID": "CVE-2020-7357",
              "STATE": "PUBLIC",
              "TITLE": "Cayin CMS Command Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cayin CMS-SE",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "11.0 Build 19179",
                                "version_value": "11.0 Build 19179"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cayin CMS-60",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "11.0 Build 19025",
                                "version_value": "11.0 Build 19025"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cayin CMS-40",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "9.0 Build 14917",
                                "version_value": "9.0 Build 14917"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cayin CMS-20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "9.0 Build 14917",
                                "version_value": "9.0 Build 14917"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cayin CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "8.2 Build 12199",
                                "version_value": "8.2 Build 12199"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "8.0 Build 11175",
                                "version_value": "8.0 Build 11175"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "7.5 Build 11175",
                                "version_value": "7.5 Build 11175"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cayin Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the \u0027NTP_Server_IP\u0027 HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78 OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/rapid7/metasploit-framework/pull/13607",
                  "refsource": "MISC",
                  "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
                },
                {
                  "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php",
                  "refsource": "MISC",
                  "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925",
                  "refsource": "IBM",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182925"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2020-7357",
        "datePublished": "2020-08-06T15:45:28.433Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:12:42.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7356 (GCVE-0-2020-7356)

    Vulnerability from cvelistv5 – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:37
    Title
    Cayin xPost SQL Injection
    Summary
    CAYIN xPost suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and to execute SYSTEM commands.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cayin Technology Cayin xPost Affected: 2.5.18103
    Affected: 2.0
    Affected: 1.0
    Date Public
    2020-04-06 00:00
    Credits
    This issue was discovered by Gjoko Krstic of Zero Science Lab.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cayin xPost",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5.18103"
                },
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
            }
          ],
          "datePublic": "2020-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-06T15:45:27.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cayin xPost SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@rapid7.com",
              "DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
              "ID": "CVE-2020-7356",
              "STATE": "PUBLIC",
              "TITLE": "Cayin xPost SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cayin xPost",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "2.5.18103",
                                "version_value": "2.5.18103"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "2.0",
                                "version_value": "2.0"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cayin Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
                  "refsource": "MISC",
                  "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
                },
                {
                  "name": "https://github.com/rapid7/metasploit-framework/pull/13607",
                  "refsource": "MISC",
                  "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2020-7356",
        "datePublished": "2020-08-06T15:45:28.016Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:28.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }