SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-09-18T17:20:16
Updated: 2024-08-04T13:08:22.649Z
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15189
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-18T18:15:16.863
Modified: 2024-11-21T05:05:02.407
Link: CVE-2020-15189
Redhat
No data.