CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables attackers to delete arbitrary files outside the intended upload directory, potentially leading to denial of service or disruption of application functionality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.8%

CVSS Severity

CVSS v3 Score 6.5

References

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-deletion
https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-deletion

Products affected by CVE-2024-57170

Soplanning » Soplanning » Version: 1.53.00

cpe:2.3:a:soplanning:soplanning:1.53.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-57170

Products

Pricing

Contact Us