VYPR
Medium severity5.3NVD Advisory· Published Aug 31, 2017· Updated Jun 17, 2026

CVE-2014-8677

CVE-2014-8677

Description

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*range: <=1.32
    • (no CPE)range: <=1.32

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.