CVE-2024-9574

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 7, 2024
Updated: Oct 8, 2024
CWE ID 89

Summary

CVE-2024-9574 is a critical SQL injection vulnerability affecting SOPlanning versions prior to 1.45, reachable at the /soplanning/www/user_groupes.php path through the "by" parameter. A remote attacker could send crafted queries that expose sensitive database information, posing a significant confidentiality and integrity risk to affected organizations. The vulnerability has an exploitability score of 3.9 and a base severity rating of 9.8, indicating high potential for misuse without requiring user interaction or special privileges. The attack complexity is low, and successful exploitation could severely impact availability as well as data integrity and confidentiality. To remediate this issue, upgrade to SOPlanning version 1.45 or later.
