
    2 vulnerabilities found for Cayin xPost by Cayin Technology

    CVE-2020-7356 (GCVE-0-2020-7356)

    Vulnerability from nvd – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:37
    Title
    Cayin xPost SQL Injection
    Summary
    CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and to execute SYSTEM commands.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cayin Technology Cayin xPost Affected: 2.5.18103
    Affected: 2.0
    Affected: 1.0
    Date Public
    2020-04-06 00:00
    Credits
    This issue was discovered by Gjoko Krstic of Zero Science Lab.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cayin xPost",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5.18103"
                },
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
            }
          ],
          "datePublic": "2020-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-06T15:45:27.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cayin xPost SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@rapid7.com",
              "DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
              "ID": "CVE-2020-7356",
              "STATE": "PUBLIC",
              "TITLE": "Cayin xPost SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cayin xPost",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "2.5.18103",
                                "version_value": "2.5.18103"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "2.0",
                                "version_value": "2.0"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cayin Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
                  "refsource": "MISC",
                  "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
                },
                {
                  "name": "https://github.com/rapid7/metasploit-framework/pull/13607",
                  "refsource": "MISC",
                  "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2020-7356",
        "datePublished": "2020-08-06T15:45:28.016Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:28.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7356 (GCVE-0-2020-7356)

    Vulnerability from cvelistv5 – Published: 2020-08-06 15:45 – Updated: 2024-09-17 03:37
    Title
    Cayin xPost SQL Injection
    Summary
    CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and to execute SYSTEM commands.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Cayin Technology Cayin xPost Affected: 2.5.18103
    Affected: 2.0
    Affected: 1.0
    Date Public
    2020-04-06 00:00
    Credits
    This issue was discovered by Gjoko Krstic of Zero Science Lab.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:25:48.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cayin xPost",
              "vendor": "Cayin Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5.18103"
                },
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
            }
          ],
          "datePublic": "2020-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-06T15:45:27.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cayin xPost SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@rapid7.com",
              "DATE_PUBLIC": "2020-04-06T10:00:00.000Z",
              "ID": "CVE-2020-7356",
              "STATE": "PUBLIC",
              "TITLE": "Cayin xPost SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cayin xPost",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "2.5.18103",
                                "version_value": "2.5.18103"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "2.0",
                                "version_value": "2.0"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cayin Technology"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was discovered by Gjoko Krstic of Zero Science Lab."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter \u0027wayfinder_seqid\u0027 in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php",
                  "refsource": "MISC",
                  "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php"
                },
                {
                  "name": "https://github.com/rapid7/metasploit-framework/pull/13607",
                  "refsource": "MISC",
                  "url": "https://github.com/rapid7/metasploit-framework/pull/13607"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2020-7356",
        "datePublished": "2020-08-06T15:45:28.016Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:28.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }