A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
References
Link | Resource |
---|---|
https://csirt.divd.nl/CVE-2024-27114 | Broken Link |
Configurations
History
19 Sep 2024, 14:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* | |
First Time |
Soplanning
Soplanning soplanning |
|
References | () https://csirt.divd.nl/CVE-2024-27114 - Broken Link |
12 Sep 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
11 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-11 14:15
Updated : 2024-09-19 14:27
NVD link : CVE-2024-27114
Mitre link : CVE-2024-27114
CVE.ORG link : CVE-2024-27114
JSON object : View
Products Affected
soplanning
- soplanning
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition