10

CVE-2020-15188

Exploit

Unauthenticated Remote Code Execution in SOY CMS

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BrassicaSoy Cms Version < 3.0.2.328
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.08% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
security-advisories@github.com 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/inunosinsi/soycms/issues/10
Third Party Advisory
Exploit
https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020
Patch
Third Party Advisory
https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp
Third Party Advisory
Exploit
https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be
Third Party Advisory
Exploit