Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
soplanning vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-25867
SoPlanning prior to 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication.
Soplanning Soplanning
1 Github repository
668
VMScore
CVE-2020-13963
SOPlanning prior to 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
Soplanning Soplanning
312
VMScore
CVE-2020-15597
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.
Soplanning Soplanning
755
VMScore
CVE-2014-8673
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)prior to 1.33.
Soplanning Soplanning
1 EDB exploit
355
VMScore
CVE-2014-8674
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) prior to 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
Soplanning Soplanning
1 EDB exploit
505
VMScore
CVE-2014-8675
Soplanning 1.32 and previous versions generates static links for sharing ICAL calendars with embedded login information, which allows remote malicious users to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
Soplanning Soplanning
1 EDB exploit
505
VMScore
CVE-2014-8676
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and previous versions allows remote malicious users to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
Soplanning Soplanning
1 EDB exploit
355
VMScore
CVE-2014-8677
The installation process for SOPlanning 1.32 and previous versions allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP prior to 5.2 is being used, the configura...
Soplanning Soplanning
1 EDB exploit
578
VMScore
CVE-2019-20179
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
Soplanning Soplanning
801
VMScore
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Soplanning Soplanning 1.45
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »