CVEブラウザに戻る

CVE-2020-15189

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1720%

EPSS Percentile14.45th

Published2020年9月18日

Last Modified2024年11月21日

Vulnerability Description

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328.

Affected Platforms (CPE)

📦

Brassica

Soy Cms

< 3.0.2.328

References & Advisories

🔗 https://github.com/inunosinsi/soycms/issues/9

🔗 https://github.com/inunosinsi/soycms/pull/14

🔗 https://github.com/inunosinsi/soycms/pull/14/commits/e4ef00677ed52f9e5a5fcfcb56b797f5412b5d59

🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-6r2f-p68g-m433

🔗 https://youtu.be/FWIDFNXmr9g

🔗 https://github.com/inunosinsi/soycms/issues/9

🔗 https://github.com/inunosinsi/soycms/pull/14

🔗 https://github.com/inunosinsi/soycms/pull/14/commits/e4ef00677ed52f9e5a5fcfcb56b797f5412b5d59

関連する脆弱性情報

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2020-151828.4

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnera...

CVE-2017-21637.5

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via sh...

CVE-2019-113767.2

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendo...