CVE-2024-57170

Medium CVSS: 6.5

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables attackers to delete arbitrary files outside the intended upload directory, potentially leading to denial of service or disruption of application functionality.

Vendor

Soplanning

Product

Soplanning

CWE

CWE-22

Yayın Tarihi

2025-03-18 16:15:25

Güncelleme

2025-04-02 12:29:14

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-22 Soplanning MEDIUM Soplanning 2025

Referanslar

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-deletion https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-deletion

Benzer Kayıtlar

High

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to…

Medium

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is…

Medium

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Statu…

High

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recov…

Medium

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject ar…

Medium

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitra…