VYPR

So Planning

by Simple Online Planning

CVEs (5)

  • CVE-2014-8673CriJan 7, 2020
    risk 0.68cvss 9.8epss 0.12

    Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.

  • CVE-2024-27115CriSep 11, 2024
    risk 0.64cvss 9.8epss 0.05

    A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the…

  • CVE-2024-27114CriSep 11, 2024
    risk 0.64cvss 9.8epss 0.01

    A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to…

  • CVE-2024-27113CriSep 11, 2024
    risk 0.64cvss 9.8epss 0.00

    An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV…

  • CVE-2024-27112CriSep 11, 2024
    risk 0.64cvss 9.8epss 0.00

    A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.