CVEブラウザに戻る

CVE-2020-15188

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0860%

EPSS Percentile28.54th

Published2020年9月18日

Last Modified2024年11月21日

Vulnerability Description

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Affected Platforms (CPE)

📦

Brassica

Soy Cms

< 3.0.2.328

References & Advisories

🔗 https://github.com/inunosinsi/soycms/issues/10

🔗 https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020

🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp

🔗 https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be

🔗 https://github.com/inunosinsi/soycms/issues/10

🔗 https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020

🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp

🔗 https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be

関連する脆弱性情報

CVE-2020-151828.4

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnera...

CVE-2017-21637.5

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via sh...

CVE-2019-113767.2

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendo...

CVE-2020-151896.8

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vul...