CVE-2024-28187
published 2024-03-11CVE-2024-28187: SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to…
PriorityP349high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.62%
73.0th percentile
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inunosinsi | soycms | < 3.14.2 | 3.14.2 |
| saitodev | soy_cms | < 3.14.2 | 3.14.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/inunosinsi/soycms/commit/9b0e452f628df28dec69cd72b6b55db21066cbf8https://github.com/inunosinsi/soycms/security/advisories/GHSA-qg3q-hfgc-5jmmhttps://github.com/inunosinsi/soycms/commit/9b0e452f628df28dec69cd72b6b55db21066cbf8https://github.com/inunosinsi/soycms/security/advisories/GHSA-qg3q-hfgc-5jmm
2024-03-11
Published