A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.
The attacker sends a crafted request to the /process/upload.php endpoint, bypassing the restrictions applied by the application regarding allowed file types or extensions (CWE-434: Unrestricted Upload of File with Dangerous Type). As a result of successfully bypassing the filters, it is possible to upload a malicious file, such as a server-side executable script. After placing the file on the server, the attacker can cause its execution and take control of the system.
An attacker can gain the ability to execute arbitrary code remotely (RCE) on the server hosting the SOPlanning application, which may result in full system takeover, data leakage, and violation of service integrity and availability.
Apply patches available from the vendor according to the references. Until the update is applied, it is recommended to restrict network access to the /process/upload.php endpoint and implement additional file upload control mechanisms at the web server level or application firewall (WAF).
SOPlanning version 1.53.00
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSoplanning
APPSoplanning1.53.00
Related vulnerabilities
SQL Injection w SOPlanning — dostęp do całej bazy danych
IDOR w SO Planning umożliwia nieuwierzytelniony eksport bazy danych
SQL Injection w SO Planning — dostęp do bazy bez uwierzytelnienia
Nieuwierzytelniony RCE w SO Planning — nieograniczony upload plików
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related au...