{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T22:40:53.925","vulnerabilities":[{"cve":{"id":"CVE-2017-2163","sourceIdentifier":"vultures@jpcert.or.jp","published":"2017-05-12T18:29:00.953","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id."},{"lang":"es","value":"Una vulnerabilidad de salto de directorio en SOY CMS en versiones 1.8.1 a 1.8.12 permite a atacantes autenticados leer archivos arbitrarios mediante shop_id."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"82D060DF-DF3C-4CE9-BC3B-9CC1408A04EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"116BC2BF-44A6-409C-A22F-9361386D60F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"28692E0A-F41B-41E6-8339-566B2BA944E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"90E1A3CF-2671-4E1A-9331-574B923D2DDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"538E250C-5FD5-45C8-A527-2C22BA748ED6"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.6:*:*:*:*:*:*:*","matchCriteriaId":"0892384B-4AE4-43E7-BDCC-00F96362A1DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.7:*:*:*:*:*:*:*","matchCriteriaId":"6E9AD215-0223-4452-B859-0F79F1A55D86"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.8:*:*:*:*:*:*:*","matchCriteriaId":"CF504454-B3E8-494A-86D8-AB68A58E0BE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.9:*:*:*:*:*:*:*","matchCriteriaId":"7F7E980B-9B25-430C-A8FD-EFC59DEE1E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.10:*:*:*:*:*:*:*","matchCriteriaId":"4DB22671-D08D-49AF-9D97-EE1435DA9F33"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.11:*:*:*:*:*:*:*","matchCriteriaId":"D4E627BF-C070-4076-8582-D3A7E2B9DABD"},{"vulnerable":true,"criteria":"cpe:2.3:a:n-i-agroinformatics:soy_cms:1.8.12:*:*:*:*:*:*:*","matchCriteriaId":"E2F72D69-24C8-42CF-851E-7BAF5B2612AC"}]}]}],"references":[{"url":"http://jvn.jp/en/jp/JVN51819749/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://jvn.jp/en/jp/JVN51819749/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}