CVE-2020-15188

Опубликовано: 18 сент. 2020

Источник: nvd

CVSS3: 10

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Ссылки

https://github.com/inunosinsi/soycms/issues/10
Exploit
Third Party Advisory
https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020
Patch
Third Party Advisory
https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be
Exploit
Third Party Advisory
https://github.com/inunosinsi/soycms/issues/10
Exploit
Third Party Advisory
https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020
Patch
Third Party Advisory
https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brassica:soy_cms:*:*:*:*:*:*:*:*

Версия до 3.0.2.328 (исключая)

EPSS

Процентиль: 89%

0.04693

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502

EPSS

Процентиль: 89%

0.04693

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502