Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistGitHub_MCVELIST:CVE-2020-15188
HistorySep 18, 2020 - 5:05 p.m.

CVE-2020-15188 Unauthenticated Remote Code Execution in SOY CMS

2020-09-1817:05:18
CWE-502
GitHub_M
www.cve.org
2
cve-2020-15188
soy cms
unauthenticated remote code execution

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

CNA Affected

[
  {
    "product": "soycms",
    "vendor": "inunosinsi",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.0.2.328"
      }
    ]
  }
]

Related

nvd 1
prion 1
cve 1
nvd
nvd
CVE-2020-15188
2020-09-18 17:15:12
prion
prion
Remote code execution
2020-09-18 17:15:00
cve
cve
CVE-2020-15188
2020-09-18 17:15:12

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.093

Percentile

94.7%

JSON
Related for CVELIST:CVE-2020-15188
nvd1prion1cve1