An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.
References
Link | Resource |
---|---|
https://csirt.divd.nl/CVE-2024-27113 | Broken Link |
History
18 Sep 2024, 18:43
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 9.8 |
References | () https://csirt.divd.nl/CVE-2024-27113 - Broken Link | |
CWE | CWE-639 | |
Summary | | |
First Time | Soplanning; Soplanning soplanning | |
CPE | cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* |
11 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-09-11 14:15
Updated : 2024-09-18 18:43
NVD link : CVE-2024-27113
Mitre link : CVE-2024-27113
CVE.ORG link : CVE-2024-27113
Products Affected
soplanning
- soplanning