CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-15182

HIGH
8.4
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile33.52th
Published2020年9月17日
Last Modified2024年11月21日

Vulnerability Description

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328.

Affected Platforms (CPE)

📦
Soy Cms Project

Soy Cms

< 3.0.2.328
📦
Soy Inquiry Project

Soy Inquiry

< 2.0.0.4

References & Advisories

🔗 https://github.com/inunosinsi/soycms/pull/15
🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-j2qw-747j-mfv4
🔗 https://youtu.be/ffvKH3gwyRE
🔗 https://github.com/inunosinsi/soycms/pull/15
🔗 https://github.com/inunosinsi/soycms/security/advisories/GHSA-j2qw-747j-mfv4
🔗 https://youtu.be/ffvKH3gwyRE

相关漏洞威胁

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2017-21637.5

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via sh...

CVE-2019-113767.2

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendo...

CVE-2020-151896.8

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vul...