PT-2024-22320 · Soycms · Soy Cms

Takuto.Tanda · Published 2024-03-11 · Updated 2025-04-10 · CVE-2024-28187

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SOY CMS versions prior to 3.14.2
Description: SOY CMS versions prior to 3.14.2 contain an OS Command Injection vulnerability in the file upload feature. When an administrator uploads a file, the file name is passed to the jpegoptim functionality, and a specially crafted file name containing a semicolon allows arbitrary OS commands to be executed with the privileges of the web server process.
Recommendations: Upgrade SOY CMS to version 3.14.2 or later. Until the upgrade is applied, consider restricting access to the file upload feature for administrators as a temporary workaround, and avoid using semicolons in file names to minimize the risk of exploitation.
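As an added illustration that is not part of this advisory and not SOY CMS's own code (the product is written in PHP), the Python snippet below contrasts the bug class described above with a hardened invocation: the upload name is checked against an allow-list and handed to jpegoptim as its own argv element, so no shell ever parses it. The jpegoptim invocation, the allow-list pattern and the upload directory are assumptions.

```python
import re
import subprocess
from pathlib import PurePosixPath

# Assumed allow-list for uploaded image names: letters, digits, dot, dash,
# underscore. Shell metacharacters such as ';' can never match it.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


def vulnerable_command(upload_dir: str, filename: str) -> str:
    """The pattern the advisory describes: the user-controlled name is
    spliced into one command string that a shell will later tokenise, so a
    ';' inside it ends the jpegoptim command and starts a new one."""
    return f"jpegoptim {upload_dir}/{filename}"


def is_safe_upload_name(filename: str) -> bool:
    """True only for a bare, allow-listed file name (no directory part,
    no hidden-file prefix, no metacharacters or whitespace)."""
    name = PurePosixPath(filename).name
    return name == filename and not name.startswith(".") and bool(SAFE_NAME.match(name))


def hardened_argv(upload_dir: str, filename: str) -> list[str]:
    """Build the argument vector for jpegoptim without a shell. The file
    name is validated first and then becomes a single argv element, so
    whatever it contains is passed to jpegoptim literally."""
    if not is_safe_upload_name(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    return ["jpegoptim", f"{upload_dir}/{filename}"]


def optimize_upload(upload_dir: str, filename: str) -> None:
    # shell=False is the default; stated explicitly to document the intent.
    subprocess.run(hardened_argv(upload_dir, filename), shell=False, check=True)


if __name__ == "__main__":
    # Constructed sample names: one benign, one carrying the separator
    # the advisory describes. Only the first reaches jpegoptim.
    for name in ["photo.jpg", "photo.jpg; id"]:
        print(name, "->", "accepted" if is_safe_upload_name(name) else "rejected")
```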

Exploit

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2024-28187, GHSA-QG3Q-HFGC-5JMM

Affected Products: Soy Cms