Skip to main content

Soy Cms

8 CVEs product

Monthly

CVE-2024-28187 HIGH PATCH This Week

SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection File Upload Soy Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-15189 HIGH POC PATCH This Week

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload RCE Soy Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2020-15188 CRITICAL POC PATCH Act Now

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Soy Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-15182 CRITICAL POC PATCH Act Now

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE CSRF Path Traversal Soy Cms Soy Inquiry
NVD GitHub
CVSS 3.1
9.6
EPSS
1.2%
CVE-2019-11376 HIGH POC This Week

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Soy Cms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2017-2164 MEDIUM This Month

Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Soy Cms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-2163 HIGH Act Now

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Path Traversal Soy Cms
NVD
CVSS 3.0
7.5
EPSS
10.6%
CVE-2014-1998 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Soy Cms
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 2% CVSS 7.2
HIGH PATCH This Week

SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection File Upload Soy Cms
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload RCE +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Soy Cms
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL POC PATCH Act Now

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE CSRF Path Traversal +2
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Soy Cms
NVD
EPSS 11% CVSS 7.5
HIGH Act Now

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Path Traversal Soy Cms
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Soy Cms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy