CVE-2024-9574

SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
Configurations

Configuration 1 (hide)

cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*

History

08 Oct 2024, 18:45

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en SOPlanning &lt;1.45, a través de /soplanning/www/user_groupes.php en el parámetro by, que podría permitir a un usuario remoto enviar una consulta especialmente manipulada, permitiendo a un atacante recuperar toda la información almacenada en la base de datos.
CPE cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*
First Time Soplanning soplanning
Soplanning
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning - Third Party Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 6.5

07 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-07 15:15

Updated : 2024-10-08 18:45


NVD link : CVE-2024-9574

Mitre link : CVE-2024-9574

CVE.ORG link : CVE-2024-9574


JSON object : View

Products Affected

soplanning

  • soplanning
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')