PT-2024-21657 · Unknown · Soplanning
Hidde Smit
Published: 2024-09-11 · Updated: 2024-09-18
CVE-2024-27115
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:I/V:C/RE:M/U:Red
Name of the Vulnerable Software and Affected Versions
SO Planning online planning tool versions prior to 1.52.02
Description
The SO Planning online planning tool contains a Remote Code Execution (RCE) vulnerability: an attacker can upload executable files to a publicly accessible folder, and the upload is not verified against any requirements. Code can then be executed on the underlying system when the uploaded file is triggered.
Recommendations
For versions prior to 1.52.02, update to version 1.52.02 to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Affected Products
Soplanning