Home > Vulnerability Database > CVE-2020-15182

Mend.io Vulnerability Database

CVE-2020-15182

Date: September 17, 2020

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328.

Language: PHP

Severity Score

8.4

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-15182

Url: https://youtu.be/ffvKH3gwyRE

Url: https://github.com/inunosinsi/soycms/pull/15

Url: https://github.com/inunosinsi/soycms/security/advisories/GHSA-j2qw-747j-mfv4

Url: https://www.mend.io/vulnerability-database/CVE-2020-15182

Severity Score

8.4

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-15182

Date: September 17, 2020

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?