Published: 2017/05/11  Last Updated: 2017/05/11

Information from Nippon Institute of Agroinformatics Ltd.

Vulnerability ID:JVN#51819749
Title:SOY CMS vulnerable to directory traversal
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

SOY CMS has a path traversal vulnerability.

Affected version: 1.8.1 and higher
Fixed version: 1.8.13 (Published on 19th April, 2017)

Solution
1. Use the latest version.
or
2. Replace a file soycms/js/elfinder/php/connector.php with the file included in the latest version.

Other information
1. This vulnerability is not vulnerabitily of elFinder itself.