12 matches found

Check Point Advisories
added 2020/11/16 12:0 a.m. | 8 views

CAYIN xPost Remote Code Execution (CVE-2020-7356)

A remote code execution vulnerability exists in CAYIN xPost. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 | AI score 5.5 | EPSS 0.14014
Exploits: 5

NVD
added 2020/08/06 4:15 p.m. | 33 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 10 | AI score 10 | EPSS 0.14014
Exploits: 5 | References: 2

OSV
added 2020/08/06 4:15 p.m. | 2 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 9.8 | AI score 7.5
Exploits: 0 | References: 2

Prion
added 2020/08/06 4:15 p.m. | 34 views

SQL injection

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 10 | AI score 9.9 | EPSS 0.14014
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2020/08/06 3:45 p.m. | 35 views

CVE-2020-7356 Cayin xPost SQL Injection

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 10 | AI score 10 | EPSS 0.14014
Exploits: 5 | References: 2

CVE
added 2020/08/06 3:45 p.m. | 96 views

CVE-2020-7356

CVE-2020-7356 affects Cayin xPost up to version 2.5, where an unauthenticated SQL injection in the GET parameter wayfinder_seqid of wayfinder_meeting_input.jsp allows manipulation of SQL queries and execution of SYSTEM commands. Exploitation is demonstrated by public advisories and linked exploit...

CVSS 10 | AI score 9.9 | EPSS 0.14014
Exploits: 5 | References: 2 | Affected Software: 1

0day.today
added 2020/06/18 12:0 a.m. | 361 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...

CVSS 10 | AI score 10 | EPSS 0.14014
Exploits: 5

Packet Storm
added 2020/06/18 12:0 a.m. | 614 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin xPost wayfinderseqid SQLi to RCE', 'Description' = %q This module exploits an unauthenticated SQLi in Cayin xPost MSFLICENSE, 'Author' =...

AI score 0.3 | EPSS 0.14014
Exploits: 5

Metasploit
added 2020/06/09 5:7 p.m. | 38 views

Cayin xPost wayfinder_seqid SQLi to RCE

This module exploits an unauthenticated SQLi in Cayin xPost 'Cayin xPost wayfinderseqid SQLi to RCE', 'Description' = %q This module exploits an unauthenticated SQLi in Cayin xPost MSFLICENSE, 'Author' = 'h00die', msf module 'Gjoko Krstic LiquidWorm...

CVSS 10 | AI score 9.5 | EPSS 0.14014
Exploits: 5

Zero Science Lab
added 2020/06/04 12:0 a.m. | 122 views

Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution

Summary CAYIN xPost is the web-based application software, which offers a combination of essential tools to create rich contents for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...

CVSS 10 | AI score 7.6 | EPSS 0.14014
Exploits: 5

Packet Storm
added 2020/06/04 12:0 a.m. | 310 views

Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection

!/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: 2.5.18103 2.0 1.0 Summary: CAYIN xPost is the web-based application software, which offers a combinatio...

AI score 0.6
Exploits: 0

ATTACKERKB
added 2020/04/06 12:0 a.m. | 19 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter ‘wayfinder_seqid’ in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 10 | AI score 10 | EPSS 0.14014
Exploits: 5 | References: 3