CVE-2024-9573

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Oct 7, 2024
Updated: Oct 8, 2024
CWE ID 89

Summary

CVE-2024-9573 is an SQL injection vulnerability in SOPlanning versions prior to 1.45, reachable through the "by" parameter of the /soplanning/www/groupe_list.php endpoint. A remote user can send a crafted query through this parameter to extract sensitive information from the server. The vulnerability has a medium base severity score of 6.3, with low impact on confidentiality, integrity, and availability; it requires no privileges and some user interaction. To remediate this issue, organizations should upgrade their SOPlanning installations to version 1.45 or later. Left unaddressed, the vulnerability poses a risk of data exposure and potential unauthorized access to organizational data.
