Cayin CMS Command Injection (CVE-2020-7357)

A command injection vulnerability exists in Cayin CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVE-2020-7357

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

CVE-2020-7357

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

Command injection

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

CVE-2020-7357 Cayin CMS Command Injection

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTPServerIP' HTTP POST parameter in system.cgi page. This issue affects several...

CVE-2020-7357

CVE-2020-7357 relates to Cayin CMS where an authenticated OS semi-blind command injection is possible via the NTP_Server_IP/NTP IP parameter in system.cgi. The issue requires authentication (default credentials) and can allow execution of arbitrary shell commands as root. Affected are multiple Ca...

PT-2020-19571 · Cayin · Cayin Cms-40 +4

Name of the Vulnerable Software and Affected Versions: Cayin CMS versions 7.5 through 8.2 Cayin CME-SE version affected versions not specified Cayin CMS-60 version affected versions not specified Cayin CMS-40 version affected versions not specified Cayin CMS-20 version affected versions not...

Cayin CMS NTP Server 11.0 CVE-2020-7357 - Remote Code Execution

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE',...

Cayin CMS NTP Server 11.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...

Cayin CMS NTP Server 11.0 Remote Code Execution Exploit

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the systemservice.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin...

Cayin CMS NTP Server RCE

This module exploits an authenticated RCE in Cayin CMS 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module 'Gjoko Krstic LiquidWorm '...

Cayin Content Management Server 11.0 - Remote Command Injection (root)

Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...

CVE-2020-7357

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the ‘NTPServerIP’ HTTP POST parameter in system.cgi page. This issue affects several...