Vulnerabilities > Soplanning > Soplanning > 1.46.01
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-27112 | SQL Injection vulnerability in Soplanning A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
| 2024-09-11 | CVE-2024-27113 | Authorization Bypass Through User-Controlled Key vulnerability in Soplanning An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
| 2024-09-11 | CVE-2024-27114 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Soplanning A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. | 9.8 |
| 2024-09-11 | CVE-2024-27115 | Unrestricted Upload of File with Dangerous Type vulnerability in Soplanning A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. | 9.8 |
| 2021-03-21 | CVE-2020-13963 | Use of Hard-coded Credentials vulnerability in Soplanning 1.45/1.46.01 SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. | 9.8 |
| 2020-10-07 | CVE-2020-25867 | Improper Authentication vulnerability in Soplanning SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. | 5.3 |
| 2020-08-11 | CVE-2020-15597 | Cross-site Scripting vulnerability in Soplanning SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. | 5.4 |