VYPR
Critical severity10.0NVD Advisory· Published Sep 18, 2020· Updated Jun 17, 2026

CVE-2020-15188

CVE-2020-15188

Description

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Affected products

3
  • Inunosinsi/Soycmsllm-fuzzy2 versions
    <=3.0.2.327+ 1 more
    • (no CPE)range: <=3.0.2.327
    • (no CPE)range: < 3.0.2.328
  • S CMS/S CMSllm-fuzzy
    Range: <=3.0.2.327

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.