Brassica

brassica

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15189 1Brassica 1Soy Cms Nov 21, 2024 Sep 18, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting t...Show more SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting(XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328.Show less
CVE-2020-15188 1Brassica 1Soy Cms Nov 21, 2024 Sep 18, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerabili...Show more SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.Show less
CVE-2019-11376 1Brassica 1Soy Cms Nov 21, 2024 Apr 20, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own.