Vulnerabilities > Soplanning > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-18 | CVE-2020-9269 | SQL Injection vulnerability in Soplanning 1.45 SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | 7.2 |
| 2020-02-18 | CVE-2020-9268 | SQL Injection vulnerability in Soplanning 1.45 SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. | 7.5 |
| 2020-01-09 | CVE-2019-20179 | SQL Injection vulnerability in Soplanning SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | 8.8 |
| 2017-08-31 | CVE-2014-8675 | Information Exposure vulnerability in Soplanning Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | 7.5 |