PT-2026-56774 · Soplanning · Soplanning

Arkadiusz Marta

·

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-50644

CVSS v4.0

8.6

High

VectorAV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user).
This issue was fixed in version 1.56.01.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-50644

Affected Products

Soplanning