Description
SOPlanning is vulnerable to SQL injection across multiple endpoints and parameters. An attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below.
References (2)
Core References
Third Party Advisory: https://cert.pl/en/posts/2026/06/CVE-2026-40543
Product: https://www.soplanning.org/en/
Scores
CVSS v4: 8.7
EPSS: 0.0026
EPSS Percentile: 17.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (1)
SOPlanning/SOPlanning: < 1.55
Published: Jun 01, 2026
Tracked Since: Jun 01, 2026