A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:RedSoplanning
APPSoplanning< 1.52.02
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
References
Related vulnerabilities
CVE-2024-57169CRITICAL9.8PL ✓ten sam produkt
SOPlanning 1.53.00 — ominięcie ograniczeń przesyłania plików prowadzące do RCE
CVE-2024-9574CRITICAL9.8PL ✓ten sam produkt
SQL Injection w SOPlanning — dostęp do całej bazy danych
CVE-2024-27115CRITICAL10.0PL ✓ten sam produkt
Nieuwierzytelniony RCE w SO Planning — nieograniczony upload plików
CVE-2024-27113CRITICAL9.3PL ✓ten sam produkt
IDOR w SO Planning umożliwia nieuwierzytelniony eksport bazy danych
CVE-2020-13963CRITICAL9.8ten sam produkt
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related au...