Soplanning: >> Soplanning >> 1.53.00 Security Vulnerabilities
A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-03-18
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables attackers to delete arbitrary files outside the intended upload directory, potentially leading to denial of service or disruption of application functionality.
CVSS Score
6.5
EPSS Score
0.004
Published
2025-03-18