Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Cayin xPost by Cayin Technology
CVE-2020-7356 (GCVE-0-2020-7356)
Vulnerability from nvd – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:37
VLAI
Title
Cayin xPost SQL Injection
Summary
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
Severity
10 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | x_refsource_MISC |
| https://github.com/rapid7/metasploit-framework/pu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cayin Technology | Cayin xPost |
Affected:
2.5.18103
Affected: 2.0 Affected: 1.0 |
Date Public
2020-04-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cayin xPost",
"vendor": "Cayin Technology",
"versions": [
{
"status": "affected",
"version": "2.5.18103"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"datePublic": "2020-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-06T15:45:27.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cayin xPost SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
"ID": "CVE-2020-7356",
"STATE": "PUBLIC",
"TITLE": "Cayin xPost SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cayin xPost",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.5.18103",
"version_value": "2.5.18103"
},
{
"version_affected": "=",
"version_name": "2.0",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Cayin Technology"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13607",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7356",
"datePublished": "2020-08-06T15:45:28.016Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:28.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7356 (GCVE-0-2020-7356)
Vulnerability from cvelistv5 – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:37
VLAI
Title
Cayin xPost SQL Injection
Summary
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
Severity
10 (Critical)
CWE
- CWE-89 - SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | x_refsource_MISC |
| https://github.com/rapid7/metasploit-framework/pu… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cayin Technology | Cayin xPost |
Affected:
2.5.18103
Affected: 2.0 Affected: 1.0 |
Date Public
2020-04-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cayin xPost",
"vendor": "Cayin Technology",
"versions": [
{
"status": "affected",
"version": "2.5.18103"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"datePublic": "2020-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-06T15:45:27.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cayin xPost SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
"ID": "CVE-2020-7356",
"STATE": "PUBLIC",
"TITLE": "Cayin xPost SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cayin xPost",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.5.18103",
"version_value": "2.5.18103"
},
{
"version_affected": "=",
"version_name": "2.0",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Cayin Technology"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/13607",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/13607"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7356",
"datePublished": "2020-08-06T15:45:28.016Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:28.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}