CVE-2019-11376

2019-04-2014:35:52

mitre

www.cve.org

AI Score

7.4

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own.

References

www.iwantacve.cn/index.php/archives/212/

github.com/inunosinsi/soycms/issues/5