SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
The vulnerability occurs in the /soplanning/www/user_groupes.php file, where the 'by' parameter is not properly validated or escaped before use in an SQL query. A remote attacker can submit a specially crafted HTTP request containing a malicious SQL payload. This allows execution of arbitrary queries to the database without the need for any privileges in the application.
An attacker can read all data stored in the SOPlanning application database, including potentially user authentication credentials, project information, and other sensitive organizational data. Depending on the environment configuration, data modification or deletion is also possible (CWE-89).
SOPlanning must be immediately updated to version 1.45 or later. Detailed information is available in the vendor references and in the INCIBE-CERT notice: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning
SOPlanning in versions below 1.45
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSoplanning
APPSoplanning< 1.45
Related vulnerabilities
SOPlanning 1.53.00 — ominięcie ograniczeń przesyłania plików prowadzące do RCE
IDOR w SO Planning umożliwia nieuwierzytelniony eksport bazy danych
SQL Injection w SO Planning — dostęp do bazy bez uwierzytelnienia
Nieuwierzytelniony RCE w SO Planning — nieograniczony upload plików
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related au...