Soplanning Security Vulnerabilities
SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication.
CVSS Score: 5.3
EPSS Score: 0.313
Published: 2020-10-07
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-08-11
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-02-22
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-02-22
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2020-02-18
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
CVSS Score: 7.2
EPSS Score: 0.005
Published: 2020-02-18
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-02-18
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-02-18
SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2020-01-09
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33.
CVSS Score: 9.8
EPSS Score: 0.499
Published: 2020-01-07



Shodan ® - All rights reserved