Vulnerability Details CVE-2020-7356
CAYIN xPost suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and to execute SYSTEM commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.571
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 10.0
Products affected by CVE-2020-7356
- cpe:2.3:a:cayintech:xpost:1.0
- cpe:2.3:a:cayintech:xpost:2.0
- cpe:2.3:a:cayintech:xpost:2.5.18103