CVE-2024-7728

Description

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

CAYIN Technology / CMS-SE11.0 – 11.0
CAYIN Technology / CMS-SE(18.04)11.0 – 11.0
CAYIN Technology / CMS-SE(22.04)11.0 – 11.0

References

MISChttps://www.twcert.org.tw/en/cp-139-8002-b6167-2.html
MISChttps://www.twcert.org.tw/tw/cp-132-8001-8416d-1.html
MISChttps://resource1.cayintech.com/patch/