PT-2024-39694 · Unknown · Soplanning

Rafael Pedrero · Published 2024-10-07 · Updated 2024-10-08 · CVE-2024-9573

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45
Description: The issue allows a remote user to send a specially crafted query and extract all the information stored on the server through the /soplanning/www/groupe_list.php endpoint, specifically via the by parameter.
Recommendations: For SOPlanning versions prior to 1.45, consider disabling access to the /soplanning/www/groupe_list.php endpoint until a patch is available. Restrict the values accepted by the by parameter on this endpoint to minimize the risk of exploitation. Update to version 1.45 or later to resolve the issue.
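The "restrict the by parameter" recommendation, as an added example that is not SOPlanning's code or part of this advisory: an allow-list check for the by value, applied both as the gate a proxy or the application would enforce and as a triage filter over constructed access-log lines. The allowed sort keys are an assumed placeholder set, and the path is written as groupe_list.php, taking the space in the page's spelling to be a dropped underscore.

```python
import re
from urllib.parse import urlsplit, parse_qs

VULNERABLE_PATH = "/soplanning/www/groupe_list.php"
# Assumption: placeholder set of sort keys the page legitimately accepts.
ALLOWED_BY_VALUES = {"nom", "groupe_id", "date_creation"}
# A bare SQL identifier: letters, digits, underscore only. Quotes, spaces
# and comment sequences never pass, so they cannot reach a query string.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")
# Request target as logged in combined log format, e.g. "GET /x?y=1 HTTP/1.1".
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def by_param_is_safe(value: str) -> bool:
    """True only if `by` is a well-formed identifier on the allow-list."""
    return bool(IDENT_RE.match(value)) and value in ALLOWED_BY_VALUES


def suspicious_request(request_target: str) -> bool:
    """True if the request hits the vulnerable endpoint with any `by` value
    (including repeated `by` keys) that fails the allow-list."""
    parts = urlsplit(request_target)
    if parts.path != VULNERABLE_PATH:
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("by")
    if not values:
        return False
    return not all(by_param_is_safe(v) for v in values)


def flag_log_lines(lines):
    """Return (line_no, request_target) for each log line worth reviewing."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and suspicious_request(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


# Constructed sample log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Oct/2024:10:00:01 +0000] "GET /soplanning/www/groupe_list.php?by=nom HTTP/1.1" 200 512',
    '10.0.0.5 - - [07/Oct/2024:10:00:02 +0000] "GET /soplanning/www/groupe_list.php?by=nom%27 HTTP/1.1" 500 0',
    '10.0.0.7 - - [07/Oct/2024:10:00:03 +0000] "GET /soplanning/www/index.php?by=x%27 HTTP/1.1" 200 120',
    '10.0.0.9 - - [07/Oct/2024:10:00:04 +0000] "GET /soplanning/www/groupe_list.php?by=id_groupe HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for n, target in flag_log_lines(SAMPLE_LOG):
        print(f"line {n}: review {target}")
```

Line 4 is flagged even though its value is a well-formed identifier, because the allow-list, not a character filter alone, decides what may reach the query.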

Fix

Weakness Enumeration: SQL injection
Related Identifiers: CVE-2024-9573
Affected Products: Soplanning