CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15188

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.055

EPSS Ranking 89.6%

CVSS Severity

CVSS v3 Score 10.0

CVSS v2 Score 6.8

References

https://github.com/inunosinsi/soycms/issues/10
https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020
https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp
https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be
https://github.com/inunosinsi/soycms/issues/10
https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020
https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp
https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be

Products affected by CVE-2020-15188

Brassica » Soy Cms » Version: N/A

cpe:2.3:a:brassica:soy_cms:-
Brassica » Soy Cms » Version: 1.8.15

cpe:2.3:a:brassica:soy_cms:1.8.15
Brassica » Soy Cms » Version: 3.0.0

cpe:2.3:a:brassica:soy_cms:3.0.0
Brassica » Soy Cms » Version: 3.0.1

cpe:2.3:a:brassica:soy_cms:3.0.1
Brassica » Soy Cms » Version: 3.0.2

cpe:2.3:a:brassica:soy_cms:3.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15188

Products

Pricing

Contact Us