CVEブラウザに戻る

CVE-2019-11376

HIGH

7.2

CVSS Severity Score

EPSS Score0.1140%

EPSS Percentile23.43th

Published2019年4月20日

Last Modified2024年11月21日

Vulnerability Description

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own.

Affected Platforms (CPE)

📦

Brassica

Soy Cms

= 3.0.2

References & Advisories

🔗 http://www.iwantacve.cn/index.php/archives/212/

🔗 https://github.com/inunosinsi/soycms/issues/5

🔗 http://www.iwantacve.cn/index.php/archives/212/

🔗 https://github.com/inunosinsi/soycms/issues/5

関連する脆弱性情報

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2020-151828.4

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnera...

CVE-2017-21637.5

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via sh...

CVE-2020-151896.8

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vul...