PT-2020-14253 · Soy · Soy Inquiry

Stypr · Published 2020-09-17 · Updated 2020-09-23 · CVE-2020-15182

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SOY Inquiry versions 2.0.0.3 and earlier

Description

The issue affects the SOY Inquiry component of SOY CMS, allowing remote attackers to force administrators to edit files by loading a specially crafted webpage. This can happen when an administrator is logged in.

Recommendations

For SOY Inquiry versions 2.0.0.3 and earlier, update to version 2.0.0.4 or later to resolve the issue.

Exploit

Fix

CSRF

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2020-15182
GHSA-J2QW-747J-MFV4

Affected Products

Soy Cms
Soy Inquiry