logo

Vulnerabilities in SOPlanning software

ID: c27134d6-2a72-5c1d-852f-b9ab8b109927

STIX ID: report--c27134d6-2a72-5c1d-852f-b9ab8b109927

Feed Name: CERT Polska

Threat Score
85/100

Date Published: 2026-06-01

Date Updated: 2026-06-01

Author: CERT Polska

...
...

CERT Polska published a coordinated disclosure of seven CVEs affecting SOPlanning (≤1.55). The issues include missing authorization allowing unauthenticated retrieval of backup archives containing user databases and password hashes; stored and reflected XSS enabling JavaScript execution in authenticated users' browsers; SQL injection across multiple endpoints that can lead to full database compromise; path traversal and unrestricted file upload which—when combined—can place and execute arbitrary files on the server; and CSRF vulnerabilities in group management endpoints. Together these vulnerabilities permit data exfiltration, account compromise, and potential remote code execution.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.