Home > Vulnerability Database > CVE-2020-15188

Mend.io Vulnerability Database

CVE-2020-15188

Good to know:

Date: September 29, 2020

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Language: PHP

Severity Score

9.8

Related Resources (6)

Url: https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020

Url: https://github.com/inunosinsi/soycms/issues/10

Url: https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp

Url: https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-15188

Url: https://www.mend.io/vulnerability-database/CVE-2020-15188

Severity Score

9.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version 3.0.2.328

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-15188

Good to know:

Date: September 29, 2020

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?