The installation process for SOPlanning 1.32 and previous versions allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP prior to 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
soplanning soplanning |