CVE-2020-15188 - OpenCVE

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Brassica	Soy Cms

Configuration 1 [-]

cpe:2.3:a:brassica:soy_cms:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/inunosinsi/soycms/issues/10	Exploit Third Party Advisory
https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020	Patch Third Party Advisory
https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp	Exploit Third Party Advisory
https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-09-18T17:05:18

Updated: 2020-09-18T17:05:18

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15188

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-18T17:15:12.503

Modified: 2020-09-29T14:04:43.257

Link: CVE-2020-15188

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"containers": {"cna": {"affected": [{"product": "soycms", "vendor": "inunosinsi", "versions": [{"status": "affected", "version": "< 3.0.2.328"}]}], "descriptions": [{"lang": "en", "value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-18T17:05:18", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/inunosinsi/soycms/issues/10"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be"}], "source": {"advisory": "GHSA-hrrx-m22r-p9jp", "discovery": "UNKNOWN"}, "title": "Unauthenticated Remote Code Execution in SOY CMS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15188", "STATE": "PUBLIC", "TITLE": "Unauthenticated Remote Code Execution in SOY CMS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "soycms", "version": {"version_data": [{"version_value": "< 3.0.2.328"}]}}]}, "vendor_name": "inunosinsi"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-502\":\"Deserialization of Untrusted Data\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp", "refsource": "CONFIRM", "url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"}, {"name": "https://github.com/inunosinsi/soycms/issues/10", "refsource": "MISC", "url": "https://github.com/inunosinsi/soycms/issues/10"}, {"name": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020", "refsource": "MISC", "url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"}, {"name": "https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be"}]}, "source": {"advisory": "GHSA-hrrx-m22r-p9jp", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15188", "datePublished": "2020-09-18T17:05:18", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2020-09-18T17:05:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brassica:soy_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE978394-A82D-43E0-AE72-36ABB7FBB3F9", "versionEndExcluding": "3.0.2.328", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the form without any restrictions. This was fixed in 3.0.2.328."}, {"lang": "es", "value": "SOY CMS versiones 3.0.2.327 y anteriores, est\u00e1n afectadas por una Ejecuci\u00f3n de C\u00f3digo Remota (RCE) No Autenticado. El permite a atacantes remotos ejecutar cualquier c\u00f3digo arbitrario cuando la funcionalidad inquiry form es habilitada por el servicio. La vulnerabilidad es causada por la deserializaci\u00f3n del formulario sin restricciones. Esto se corrigi\u00f3 en versi\u00f3n 3.0.2.328"}], "id": "CVE-2020-15188", "lastModified": "2020-09-29T14:04:43.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-09-18T17:15:12.503", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/inunosinsi/soycms/issues/10"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/inunosinsi/soycms/pull/12/commits/a75642989132dd25f74a13194b27c0986c3de020"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/inunosinsi/soycms/security/advisories/GHSA-hrrx-m22r-p9jp"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=zAE4Swjc-GU&feature=youtu.be"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Primary"}]}