Published: 31/08/2017 Updated: 06/09/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

The installation process for SOPlanning 1.32 and previous versions allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP prior to 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
soplanning soplanning

SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: wwwsoplanningorg/ Product: SOPlanning - Simple Online Planning Version affected: 132 and prior Product description: SO Planning is an open source online planning tool completely free, ...

Simple Online Planning Tool version 132 suffers from code execution, cross site scripting, remote SQL injection, information disclosure, and path traversal vulnerabilities ...

CWE-94 CWE-284 https://www.exploit-db.com/exploits/37604/http://www.securityfocus.com/bid/75726 http://seclists.org/fulldisclosure/2015/Jul/44 http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html https://nvd.nist.gov https://www.exploit-db.com/exploits/37604/

CVE-2014-8677

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect