Vulnerability Description
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brassica | Soy Cms | < 3.0.2.328 |
Related Weaknesses (CWE)
References
- https://github.com/inunosinsi/soycms/issues/10ExploitThird Party Advisory
- https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b2PatchThird Party Advisory
- https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jpExploitThird Party Advisory
- https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.beExploitThird Party Advisory
- https://github.com/inunosinsi/soycms/issues/10ExploitThird Party Advisory
- https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b2PatchThird Party Advisory
- https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jpExploitThird Party Advisory
- https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.beExploitThird Party Advisory
FAQ
What is CVE-2020-15188?
CVE-2020-15188 is a vulnerability with a CVSS score of 10.0 (CRITICAL). SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the serv...
How severe is CVE-2020-15188?
CVE-2020-15188 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15188?
Check the references section above for vendor advisories and patch information. Affected products include: Brassica Soy Cms.