PT-2017-15224 · Soy · Soy Cms
Asai Ken · Published 2017-05-12 · Updated 2017-05-23 · CVE-2017-2163
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SOY CMS versions 1.8.1 through 1.8.12
Description
A directory traversal issue allows authenticated attackers to read arbitrary files by manipulating the shop id variable.
Recommendations
For SOY CMS versions 1.8.1 through 1.8.12, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, avoid using the shop id variable in sensitive operations to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Soy Cms