PT-2026-45360 · Soplanning · Soplanning
Łukasz Jaworski · Published 2026-06-01 · Updated 2026-06-01
CVE-2026-40547
CVSS v4.0: 6.4 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H |
SOPlanning is vulnerable to Path Traversal in its backup endpoints. An authenticated remote attacker can exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 (Missing Authorization), any backup file can be read by any (unauthorized) user.
This issue affects SOPlanning version 1.55 and below.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Soplanning