Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
soplanning soplanning vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13963
SOPlanning prior to 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
Soplanning Soplanning
9.8
CVSSv3
CVE-2014-8673
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)prior to 1.33.
Soplanning Soplanning
1 EDB exploit
8.8
CVSSv3
CVE-2019-20179
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
Soplanning Soplanning
7.5
CVSSv3
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Soplanning Soplanning 1.45
1 Github repository
7.5
CVSSv3
CVE-2014-8675
Soplanning 1.32 and previous versions generates static links for sharing ICAL calendars with embedded login information, which allows remote malicious users to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
Soplanning Soplanning
1 EDB exploit
7.2
CVSSv3
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Soplanning Soplanning 1.45
1 Github repository
6.5
CVSSv3
CVE-2020-9266
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Soplanning Soplanning 1.45
1 Github repository
6.5
CVSSv3
CVE-2020-9267
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
Soplanning Soplanning 1.45
1 Github repository
5.4
CVSSv3
CVE-2020-15597
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.
Soplanning Soplanning
5.4
CVSSv3
CVE-2020-9339
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Soplanning Soplanning 1.45
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »