Vulnerabilities > Soplanning > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-11 | CVE-2024-27112 | SQL Injection vulnerability in Soplanning | An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
2024-09-11 | CVE-2024-27113 | Authorization Bypass Through User-Controlled Key vulnerability in Soplanning | An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
2024-09-11 | CVE-2024-27114 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Soplanning | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. | 9.8 |
2024-09-11 | CVE-2024-27115 | Unrestricted Upload of File with Dangerous Type vulnerability in Soplanning | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. | 9.8 |
2021-03-21 | CVE-2020-13963 | Use of Hard-coded Credentials vulnerability in Soplanning 1.45/1.46.01 | SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. | 9.8 |
2020-02-18 | CVE-2020-9269 | SQL Injection vulnerability in Soplanning 1.45 | SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | 9.0 |