QwikSec

Security Database

CVE

CWE

Training

CVE-2020-15182

Published: Sep 17, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

8.4

HIGH

Description

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328.

Vendor	Product	Versions
inunosinsi	soycms	affected `< 2.0.0.4`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/inunosinsi/soycms/security/advisories/GHSA-j2qw-747j-mfv4

x_refsource_CONFIRM

https://youtu.be/ffvKH3gwyRE

x_refsource_MISC

https://github.com/inunosinsi/soycms/pull/15

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.