汇总 cayintech 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 SQL 注入、跨站脚本与路径处理缺陷 相关,可能在 生产负载与软件部署 场景中带来 会话劫持与数据泄露 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2020-7357 | Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. | [email protected] | 9.6 | 77.16% | 2020-08-06 | 2024-11-21 |
| CVE-2020-7356 | CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. | [email protected] | 10.0 | 61.51% | 2020-08-06 | 2024-11-21 |
| CVE-2020-6955 | An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. | [email protected] | 6.1 | 0.33% | 2020-01-13 | 2024-11-21 |
| CVE-2020-6954 | An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI. | [email protected] | 6.5 | 0.34% | 2020-01-13 | 2024-11-21 |