CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11376

HIGH
7.2
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile23.43th
PublishedApr 20, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own.

Affected Platforms (CPE)

πŸ“¦
Brassica

Soy Cms

= 3.0.2

References & Advisories

πŸ”— http://www.iwantacve.cn/index.php/archives/212/
πŸ”— https://github.com/inunosinsi/soycms/issues/5
πŸ”— http://www.iwantacve.cn/index.php/archives/212/
πŸ”— https://github.com/inunosinsi/soycms/issues/5

Related Vulnerabilities

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2020-151828.4

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnera...

CVE-2017-21637.5

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via sh...

CVE-2020-151896.8

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vul...