CVSS: 10.0EPSS: 57%CPEs: 3EXPL: 2CVE-2020-7356 – Cayin xPost SQL Injection
https://notcve.org/view.php?id=CVE-2020-7356
18 Jun 2020 — CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. CAYIN xPost sufre una vulnerabilidad de inyección SQL no autenticada. La entrada pasada por medio del parámetro GET "wayfinder_seqid" en el archivo wayfinder_meet... • https://packetstorm.news/files/id/158141 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.9EPSS: 78%CPEs: 23EXPL: 3CVE-2020-7357 – Cayin CMS Command Injection
https://notcve.org/view.php?id=CVE-2020-7357
18 Jun 2020 — Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. Cayin CMS sufre de una vulnerabilidad de inyección de comando semi-ciega autenticada del Sistem... • https://packetstorm.news/files/id/158139 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-6954
https://notcve.org/view.php?id=CVE-2020-6954
13 Jan 2020 — An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI. Se descubrió un problema en los dispositivos Cayin SMP-PRO4. • https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-6955
https://notcve.org/view.php?id=CVE-2020-6955
13 Jan 2020 — An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. Se descubrió un problema en los dispositivos Cayin SMP-PRO4. Permiten un ataque de tipo XSS reflejado en image_preview.html? • https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •