PT-2019-12267 · Soy · Soy Cms

Ryan0Lb

+1

·

Publicado

2019-04-20

·

Atualizado

2024-08-04

·

CVE-2019-11376

CVSS v3.1

7.2

Alta

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SOY CMS version 3.0.2
Description The issue allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. It is based on an assumption that the content is made editable on its own.
Recommendations For SOY CMS version 3.0.2, consider removing or restricting the ability to input PHP code in the second text box as a temporary workaround until a patch is available.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2019-11376

Produtos afetados

Soy Cms