CVE-2020-15189

Name of the Vulnerable Software and Affected Versions SOY CMS versions prior to 3.0.2.328

Description The issue is caused by an insecure configuration in elFinder, allowing for Remote Code Execution (RCE) through Unrestricted File Upload. Additionally, a Cross-Site Scripting (XSS) vulnerability can be used to increase the impact by redirecting the administrator to access a specially crafted page.

Recommendations For SOY CMS versions prior to 3.0.2.328, update to version 3.0.2.328 to resolve the issue. As a temporary workaround, consider restricting access to the elFinder module to minimize the risk of exploitation.