CRITICAL🇵🇱 Wersja polska

CVE-2024-27113

CVSS 9.3v4.0pub. 2024-09-11upd. 2024-09-18

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:M/U:Red
  • Soplanning

    APP
    Soplanning
    < 1.52.02
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
References

Related vulnerabilities

CVE-2024-57169CRITICAL9.8PL ✓ten sam produkt

SOPlanning 1.53.00 — ominięcie ograniczeń przesyłania plików prowadzące do RCE

CVE-2024-9574CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SOPlanning — dostęp do całej bazy danych

CVE-2024-27115CRITICAL10.0PL ✓ten sam produkt

Nieuwierzytelniony RCE w SO Planning — nieograniczony upload plików

CVE-2024-27112CRITICAL9.3PL ✓ten sam produkt

SQL Injection w SO Planning — dostęp do bazy bez uwierzytelnienia

CVE-2020-13963CRITICAL9.8ten sam produkt

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related au...