Back to CVE Browser

CVE-2020-15188

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0860%

EPSS Percentile28.54th

PublishedSep 18, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Affected Platforms (CPE)

📦

Brassica

Soy Cms

< 3.0.2.328

References & Advisories

🔗 https://github.com/inunosinsi/soycms/issues/10

🔗 https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020

🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp

🔗 https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be

🔗 https://github.com/inunosinsi/soycms/issues/10

🔗 https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020

🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp

🔗 https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be

Related Vulnerabilities

CVE-2020-151828.4

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnera...

CVE-2017-21637.5

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via sh...

CVE-2019-113767.2

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendo...

CVE-2020-151896.8

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vul...