Published: 29/03/2024 Updated: 05/04/2024

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated malicious user to receive an administrative API token.

Check Point Reference: CPAI-2023-1698 Date Published: 27 May 2024 Severity: Medium ...

A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses If exploited, attackers are able to gain administrative access to the REST ...

Full Disclosure mailing list archives   By Date By Thread </form>    SCHUTZWERK-SA-2023-003: Authentication Bypass in Visual Planning REST API  <!--X-Head-of-Me ...

https://www.visual-planning.com/en/support-portal/updates https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-003.txt https://www.schutzwerk.com/blog/schutzwerk-sa-2023-003/http://seclists.org/fulldisclosure/2024/Apr/1 https://nvd.nist.gov https://packetstormsecurity.com/files/177959/Visual-Planning-REST-API-2.0-Authentication-Bypass.html https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1698.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-49231

Vulnerability Summary

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect