Latest soplanning soplanning Vulnerabilities

CVE-2020-13963
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code...
Soplanning Soplanning>=1.45<1.47
CVE-2020-15597
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.
Soplanning Soplanning<=1.46.01
CVE-2020-9339
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Soplanning Soplanning=1.45
CVE-2020-9338
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
Soplanning Soplanning=1.45
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Soplanning Soplanning=1.45
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Soplanning Soplanning=1.45
CVE-2020-9267
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
Soplanning Soplanning=1.45
CVE-2020-9266
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Soplanning Soplanning=1.45
CVE-2019-20179
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
Soplanning Soplanning<=1.45
CVE-2014-8673
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
Soplanning Soplanning<=1.32
CVE-2014-8674
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php...
Soplanning Soplanning<1.33

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203