CVE-2024-27112

CRITICAL

SO Planning <1.52.02 - SQL Injection

Title source: llm
STIX 2.1

Description

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.

References (1)

Core 1
Core References
Broken Link third-party-advisory
https://csirt.divd.nl/CVE-2024-27112

Scores

CVSS v3 9.8
EPSS 0.0041
EPSS Percentile 32.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
soplanning/soplanning < 1.52.02
Published Sep 11, 2024
Tracked Since Feb 18, 2026