Remote Command Injection Vulnerability in CAYIN Technology CMS
CVE-2024-7728

7.2 HIGH

Key Information:

Vendor
CVE Published: 14 August 2024

What is CVE-2024-7728?

A remote command injection vulnerability exists in the CAYIN Technology CMS due to improper validation of user input in a specific CGI script. This flaw allows an attacker with administrator privileges to inject and execute operating system commands on the server. This can lead to unauthorized access to and manipulation of the server environment, potentially compromising sensitive information and functionality.

Affected Version(s)

CMS-SE 11.0

CMS-SE(18.04) 11.0

CMS-SE(22.04) 11.0

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
