Inunosinsi Soycms vulnerabilities
4 known vulnerabilities affecting inunosinsi/soycms.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-15188P2CRITICALCVSS 9.8fixed in 3.0.2.3282020-09-18
CVE-2020-15188 [CRITICAL] CWE-502 CVE-2020-15188: SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
nvd
CVE-2020-15182P3CRITICALCVSS 9.6fixed in 2.0.0.42020-09-17
CVE-2020-15182 [CRITICAL] CWE-22 CVE-2020-15182: The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Cod
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged
nvd
CVE-2024-28187P3HIGHCVSS 7.2fixed in 3.14.22024-03-11
CVE-2024-28187 [HIGH] CWE-78 CVE-2024-28187: SOY CMS is an open source CMS (content management system) that allows you to build blogs and online
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted fi
nvd
CVE-2020-15183P4MEDIUMCVSS 4.8fixed in 3.0.2.3282020-09-17
CVE-2020-15183 [MEDIUM] CWE-79 CVE-2020-15183: SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote C
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage.
nvd