3 matches found
CVE-2020-7356
CVE-2020-7356 affects Cayin xPost up to version 2.5, where an unauthenticated SQL injection in the GET parameter wayfinder_seqid of wayfinder_meeting_input.jsp allows manipulation of SQL queries and execution of SYSTEM commands. Exploitation is demonstrated by public advisories and linked exploit...
CVE-2020-7356
creationtimestamp| type| source ---|---|--- 2020-06-18 15:43:56+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/cayinxpostsqlrce.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:30+00:00| seen|...
Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...