CVE-2024-57169

Published: Mar 18, 2025Modified: Apr 2, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.

Affected (1)

Products: Soplanning: Soplanning

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Soplanning Soplanning	Version 1.53.00

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce

Source: cve@mitre.org

Exploit

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.