SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-09-18T17:20:16

Updated: 2024-08-04T13:08:22.649Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15189

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-18T18:15:16.863

Modified: 2024-11-21T05:05:02.407

Link: CVE-2020-15189

cve-icon Redhat

No data.