CVE-2024-28187 HIGH

CVE-2024-28187: OS Command Injection Vulnerability in SOY CMS

Vendor Inunosinsi

Product soycms

Weakness CWE-78

Published March 11, 2024

Last update August 27, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

March 11, 2024 CVE published

August 27, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-28187

Related vulnerabilities

CVE-2024-28187: OS Command Injection Vulnerability in SOY CMS

01Description

02Disclosure timeline

03References

04Related CVE