CVE-2014-8673

CRITICAL

SOPPlanning <1.33 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8673. PoCs published by Huy-Ngoc DAU.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in SOPlanning 1.32 and prior, including SQL injection, XSS, path traversal, authentication hash disclosure, and PHP code injection during installation. It provides detailed proof-of-concept examples for each vulnerability.

Description

Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.

Exploits (1)

exploitdb WORKING POC
by Huy-Ngoc DAU · textwebappsphp
https://www.exploit-db.com/exploits/37604

The exploit demonstrates multiple vulnerabilities in SOPlanning 1.32 and prior, including SQL injection, XSS, path traversal, authentication hash disclosure, and PHP code injection during installation. It provides detailed proof-of-concept examples for each vulnerability.

Classification
Working Poc 95%
Attack Type
Sqli | Xss | Info Leak | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: SOPlanning - Simple Online Planning Tool 1.32 and prior
No auth needed
Prerequisites: Access to the target application · Valid session cookie for authenticated vulnerabilities
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/75726
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2015/Jul/44
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/37604/

Scores

CVSS v3 9.8
EPSS 0.4986
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
soplanning/soplanning < 1.32
Published Jan 07, 2020
Tracked Since Feb 18, 2026