A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.
References
Link | Resource |
---|---|
https://csirt.divd.nl/CVE-2024-27112 | Broken Link |
Configurations
History
18 Sep 2024, 18:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
Summary |
|
|
First Time |
Soplanning
Soplanning soplanning |
|
References | () https://csirt.divd.nl/CVE-2024-27112 - Broken Link |
11 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-11 14:15
Updated : 2024-09-18 18:42
NVD link : CVE-2024-27112
Mitre link : CVE-2024-27112
CVE.ORG link : CVE-2024-27112
JSON object : View
Products Affected
soplanning
- soplanning
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')