JVN#51819749: SOY CMS vulnerable to directory traversal

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System (CMS). SOY CMS contains a directory traversal vulnerability (CWE-22) due to a flaw in processing shop_id parameter.

Impact

An authenticated attacker may execute arbitrary PHP code on the server.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

• SOY CMS, Ver.1.8.1 to Ver.1.8.12