PT-2017-15224 · Soy · Soy Cms
Asai Ken
Published: 2017-05-12 · Updated: 2017-05-23
CVE-2017-2163
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SOY CMS versions 1.8.1 through 1.8.12
Description
A directory traversal issue allows authenticated attackers to read arbitrary files by manipulating the shop id variable.
Recommendations
For SOY CMS versions 1.8.1 through 1.8.12, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, avoid using the shop id variable in sensitive operations to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Soy Cms