Critical severity10.0NVD Advisory· Published Sep 18, 2020· Updated Jun 17, 2026
CVE-2020-15188
CVE-2020-15188
Description
SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.
Affected products
3<=3.0.2.327+ 1 more
- (no CPE)range: <=3.0.2.327
- (no CPE)range: < 3.0.2.328
Patches
Vulnerability mechanics
References
4- github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020nvdPatchThird Party Advisory
- github.com/inunosinsi/soycms/issues/10nvdExploitThird Party Advisory
- github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jpnvdExploitThird Party Advisory
- www.youtube.com/watchnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.