9.9
CVE-2020-7357
- EPSS 78.71%
- Veröffentlicht 06.08.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:37:06
- Quelle cve@rapid7.com
- CVE-Watchlists
- Unerledigt
LoginCayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cayintech ≫ Cms-se Firmware Version11.0 Update19179
Cayintech ≫ Cms-se Firmware Version11.0 Update19025
Cayintech ≫ Cms-se Firmware Version11.0 Update18325
Cayintech ≫ Cms-se-lxc Firmware Version-
Cayintech ≫ Cms-60 Firmware Version11.0 Update19025
Cayintech ≫ Cms-40 Firmware Version9.0 Update14197
Cayintech ≫ Cms-40 Firmware Version9.0 Update14199
Cayintech ≫ Cms-40 Firmware Version9.0 Update14093
Cayintech ≫ Cms-20 Firmware Version9.0 Update14197
Cayintech ≫ Cms-20 Firmware Version9.0 Update14092
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 78.71% | 0.99 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| cve@rapid7.com | 9.6 | 3.1 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.