PT-2020-14259 · Soy · Soy Cms

Published: 2020-09-18 · Updated: 2020-09-29 · CVE-2020-15188

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SOY CMS versions 3.0.2.327 and earlier

Description: The issue allows remote attackers to execute arbitrary code when the inquiry form feature is enabled. This is caused by unserializing the form without restrictions.

Recommendations: For versions 3.0.2.327 and earlier, update to version 3.0.2.328 to resolve the issue. As a temporary workaround, consider disabling the inquiry form feature until the update is applied.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2020-15188
GHSA-HRRX-M22R-P9JP

Affected Products

Soy Cms