CyberSec.Space Logo
Back to CVE Browser

CVE-2020-7356

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile5.00th
PublishedAug 6, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.

Affected Platforms (CPE)

πŸ“¦
Cayintech

Xpost

= 1.0
πŸ“¦
Cayintech

Xpost

= 2.0
πŸ“¦
Cayintech

Xpost

= 2.5.18103

References & Advisories

πŸ”— https://github.com/rapid7/metasploit-framework/pull/13607
πŸ”— https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php
πŸ”— https://github.com/rapid7/metasploit-framework/pull/13607
πŸ”— https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php

Related Vulnerabilities

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696310.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...