PT-2017-6255 · Soplanning · Soplanning

Huy-Ngoc Dau · Published 2017-08-31 · Updated 2017-09-06 · CVE-2014-8677

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: SOPlanning versions 1.32 and earlier

Description: The issue allows remote authenticated users to execute arbitrary PHP code via a crafted database name, given certain conditions such as access to an existing database, permissions to create arbitrary databases, the use of PHP before version 5.2, a configuration database that is down, or a non-writable smarty/templates_c directory.

Recommendations: Update SOPlanning versions 1.32 and earlier to a version later than 1.32 to resolve the issue. As a temporary workaround, consider restricting database creation permissions and ensuring smarty/templates_c is writable, while also updating PHP to version 5.2 or later.

Exploit

Fix

Improper Access Control

Code Injection


Weakness Enumeration

Related identifiers

CVE-2014-8677

Affected products

Soplanning