12 matches found
CAYIN xPost Remote Code Execution (CVE-2020-7356)
A remote code execution vulnerability exists in CAYIN xPost. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-7356
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
CVE-2020-7356
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
Sql injection
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
CVE-2020-7356 Cayin xPost SQL Injection
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
CVE-2020-7356
CVE-2020-7356 affects Cayin xPost up to version 2.5, where an unauthenticated SQL injection in the GET parameter wayfinder_seqid of wayfinder_meeting_input.jsp allows manipulation of SQL queries and execution of SYSTEM commands. Exploitation is demonstrated by public advisories and linked exploit...
Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...
Cayin xPost 2.5 SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin xPost wayfinderseqid SQLi to RCE', 'Description' = %q This module exploits an unauthenticated SQLi in Cayin xPost MSFLICENSE, 'Author' =...
Cayin xPost wayfinder_seqid SQLi to RCE
This module exploits an unauthenticated SQLi in Cayin xPost 'Cayin xPost wayfinderseqid SQLi to RCE', 'Description' = %q This module exploits an unauthenticated SQLi in Cayin xPost MSFLICENSE, 'Author' = 'h00die', msf module 'Gjoko Krstic LiquidWorm...
Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution
Summary CAYIN xPost is the web-based application software, which offers a combination of essential tools to create rich contents for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...
Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection
!/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: 2.5.18103 2.0 1.0 Summary: CAYIN xPost is the web-based application software, which offers a combinatio...
CVE-2020-7356
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter ‘wayfinderseqid’ in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...