CVE-2024-33722

MEDIUM

SOPlanning 1.52.00 - Authenticated SQL Injection via projets.php statut[] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-33722. PoCs published by fuzzlove.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-33722, an authenticated SQL injection vulnerability in SOPlanning v1.52.00. It includes a specific payload and a curl command to demonstrate the exploit, along with a description of the attack vector and prerequisites.

Description

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[].

Exploits (1)

github WRITEUP

by fuzzlove · poc

https://github.com/fuzzlove/soplanning-1.52-exploits

View Code ZIP pw:eip

The repository provides a detailed technical analysis of CVE-2024-33722, an authenticated SQL injection vulnerability in SOPlanning v1.52.00. It includes a specific payload and a curl command to demonstrate the exploit, along with a description of the attack vector and prerequisites.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: SOPlanning v1.52.00

Auth required

Prerequisites: authenticated session · valid cookies

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed May 08, 2026 Full analysis →

References (1)

Core 1

Core References

https://github.com/fuzzlove/soplanning-1.52-exploits

Scores

CVSS v3 6.3

EPSS 0.0024

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Published May 08, 2026

Tracked Since May 08, 2026