CVE-2024-9573

SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*

History

08 Oct 2024, 18:45

Type Values Removed Values Added
CPE cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*
Summary
  • (es) Vulnerabilidad de inyección SQL en SOPlanning &lt;1.45, a través de /soplanning/www/groupe_list.php, en el parámetro by, que podría permitir a un usuario remoto enviar una consulta especialmente manipulada y extraer toda la información almacenada en el servidor.
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning - Third Party Advisory
First Time Soplanning soplanning
Soplanning
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 6.5

07 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-07 15:15

Updated : 2024-10-08 18:45


NVD link : CVE-2024-9573

Mitre link : CVE-2024-9573

CVE.ORG link : CVE-2024-9573


JSON object : View

Products Affected

soplanning

  • soplanning
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')