Soplanning: >> Soplanning >> 1.45 Security Vulnerabilities
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
CVSS Score
7.2
EPSS Score
0.005
Published
2020-02-18
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-18
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-18
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-01-09
Page 2