CVE-2024-57169

Critical CVSS: 9.8

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.

Vendor

Soplanning

Product

Soplanning

CWE

CWE-434

Yayın Tarihi

2025-03-18 16:15:25

Güncelleme

2025-04-02 12:29:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Soplanning CRITICAL Soplanning 2025

Referanslar

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce

Benzer Kayıtlar

High

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to…

Medium

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is…

Medium

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Statu…

High

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recov…

Medium

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject ar…

Medium

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitra…