Published:
2017/05/11
Last Updated:
2017/05/11
Information from Nippon Institute of Agroinformatics Ltd.
Vulnerability ID:JVN#51819749
Title:SOY CMS vulnerable to directory traversal
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
SOY CMS has a path traversal vulnerability.
Affected version: 1.8.1 and higher
Fixed version: 1.8.13 (Published on 19th April, 2017)
Solution
1. Use the latest version.
or
2. Replace a file soycms/js/elfinder/php/connector.php with the file included in the latest version.
Other information
1. This vulnerability is not vulnerabitily of elFinder itself.