CVE-2020-7356

Cayin xPost SQL Injection

CVSS 10 CRITICALEPSS 14.0%CWE-89

Vexday Risk Score

48Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 10EPSS 14.0%KEV nãoPoC —Nuclei —Metasploit simPatch —

Ciclo de vida

04 jun 2020Exploit Metasploit disponible

06 ago 2020Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Productos afectados

Cayin Technology · Cayin xPost

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/rapid7/metasploit-framework/pull/13607 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php