VYPR
Critical severity9.6NVD Advisory· Published Aug 6, 2020· Updated Jun 17, 2026

CVE-2020-7357

CVE-2020-7357

Description

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Kalmia/CMSllm-fuzzy
    Range: 8.2, 8.0, 7.5
  • 9.0 Build 14917+ 2 more
    • (no CPE)range: 9.0 Build 14917
    • (no CPE)range: 11.0 Build 19179
    • (no CPE)range: 8.2 Build 12199

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.