CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-7356

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile5.00th
Published2020年8月6日
Last Modified2024年11月21日

Vulnerability Description

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.

Affected Platforms (CPE)

📦
Cayintech

Xpost

= 1.0
📦
Cayintech

Xpost

= 2.0
📦
Cayintech

Xpost

= 2.5.18103

References & Advisories

🔗 https://github.com/rapid7/metasploit-framework/pull/13607
🔗 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php
🔗 https://github.com/rapid7/metasploit-framework/pull/13607
🔗 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5571.php

関連する脆弱性情報

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...

CVE-2020-1207910.0

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isola...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2020-1238910.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...