CVE-2024-7728

Summary

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

Affected Software

VendorProductVersion RangeStatus
CAYIN TechnologyCMS-SE(22.04)11.0affected
CAYIN TechnologyCMS-SE(18.04)11.0affected
CAYIN TechnologyCMS-SE11.0affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References