CVE-2020-15189 - Unspecified vulnerability in Brassica SOY CMS
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) through unrestricted file upload. The Cross-Site Scripting (XSS) vulnerability used in CVE-2020-15183 can be used to increase the impact by redirecting the administrator to a specially crafted page. The vulnerability is caused by an insecure configuration in elFinder. It is fixed in version 3.0.2.328.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
References
- https://github.com/inunosinsi/soycms/issues/9
- https://github.com/inunosinsi/soycms/pull/14
- https://github.com/inunosinsi/soycms/pull/14/commits/e4ef00677ed52f9e5a5fcfcb56b797f5412b5d59
- https://github.com/inunosinsi/soycms/security/advisories/GHSA-6r2f-p68g-m433
- https://youtu.be/FWIDFNXmr9g