CVE-2024-28187

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28187
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28187.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-28187
Related
  • GHSA-qg3q-hfgc-5jmm
Published
2024-03-11T20:15:07Z
Modified
2025-01-29T02:51:32Z
Summary
[none]
Details

SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/inunosinsi/soycms

Affected ranges

Type
GIT
Repo
https://github.com/inunosinsi/soycms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed