CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution RCE. The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed...

10CVSS8.3AI score0.04693EPSS

Exploits1

RedhatCVE•added 2025/02/05 2:55 p.m.•6 views

CVE-2020-15182

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery CSRF and Remote Code Execution RCE. The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially...

9.6CVSS7.6AI score0.00916EPSS

Exploits1

RedhatCVE•added 2025/02/05 12:59 a.m.•5 views

CVE-2024-28187

SOY CMS is an open source CMS content management system that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the executi...

7.2CVSS7.5AI score0.00347EPSS

Exploits0References1

NVD•added 2024/03/11 8:15 p.m.•9 views

CVE-2024-28187

7.2CVSS7.4AI score0.00347EPSS

Exploits0References2

Prion•added 2024/03/11 8:15 p.m.•31 views

Command injection

5.8CVSS7.4AI score0.00347EPSS

Exploits0References2

CVE•added 2024/03/11 7:54 p.m.•54 views

CVE-2024-28187

SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection via the file upload feature when accessed by an administrator, allowing arbitrary OS commands through specially crafted filenames containing a semicolon (jpegoptim functionality). The vulnerability is patched in version 3....

7.2CVSS7.4AI score0.00347EPSS

Exploits0References2Affected Software1

OSV•added 2024/03/11 7:54 p.m.•12 views

CVE-2024-28187 OS Command Injection Vulnerability in SOY CMS

7.2CVSS7.3AI score0.00347EPSS

Exploits0References4

Vulnrichment•added 2024/03/11 7:54 p.m.•12 views

CVE-2024-28187 OS Command Injection Vulnerability in SOY CMS

7.2CVSS7.5AI score0.00347EPSS

Exploits0References2

Cvelist•added 2024/03/11 7:54 p.m.•15 views

CVE-2024-28187 OS Command Injection Vulnerability in SOY CMS

7.2CVSS7.6AI score0.00347EPSS

Exploits0References2

CNNVD•added 2024/03/11 12:0 a.m.•1 views

SOY CMS Security Vulnerability

SOY CMS is a content management system CMS. A security vulnerability exists in SOY CMS versions prior to 3.14.2 that originates from allowing arbitrary operating system commands to be executed via specially crafted filenames containing semicolons, which can affect jpegoptim functionality...

7.2CVSS7AI score0.00347EPSS

Exploits0References3

OSV•added 2020/09/18 6:15 p.m.•0 views

CVE-2020-15189

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution RCE using Unrestricted File Upload. Cross-Site ScriptingXSS vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused...

7.2CVSS6.5AI score

Exploits0References5

NVD•added 2020/09/18 6:15 p.m.•7 views

CVE-2020-15189

7.2CVSS0.05039EPSS

Exploits1References5

Prion•added 2020/09/18 6:15 p.m.•9 views

Unrestricted file upload

6.5CVSS5.7AI score0.05039EPSS

Exploits2References5Affected Software1

CVE•added 2020/09/18 5:20 p.m.•31 views

CVE-2020-15189