CVE-2024-9574
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-9574 is a newly disclosed SQL injection vulnerability affecting SOPlanning versions below 1.45. The issue resides in the /soplanning/www/user_groupes.php file, specifically in the by parameter. An attacker can exploit this vulnerability by submitting a maliciously crafted query. Successful exploitation grants the attacker access to all stored data in the database, potentially leading to confidential information disclosure or unauthorized modifications. This vulnerability poses a significant risk and requires immediate attention and patching from SOPlanning users.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- SOPlanning