Soplanning

soplanning

34 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (34)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-25867 1Soplanning 1Soplanning Nov 21, 2024 Oct 7, 2020 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication.
CVE-2020-15597 1Soplanning 1Soplanning Nov 21, 2024 Aug 11, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.
CVE-2020-9339 1Soplanning 1Soplanning Nov 21, 2024 Feb 22, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVE-2020-9338 1Soplanning 1Soplanning Nov 21, 2024 Feb 22, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
CVE-2020-9269 1Soplanning 1Soplanning Nov 21, 2024 Feb 18, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
CVE-2020-9268 1Soplanning 1Soplanning Nov 21, 2024 Feb 18, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
CVE-2020-9267 1Soplanning 1Soplanning Nov 21, 2024 Feb 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
CVE-2020-9266 1Soplanning 1Soplanning Nov 21, 2024 Feb 18, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
CVE-2019-20179 1Soplanning 1Soplanning Nov 21, 2024 Jan 9, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter.
CVE-2014-8673 1Soplanning 1Soplanning Nov 21, 2024 Jan 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
CVE-2014-8674 1Soplanning 1Soplanning Nov 21, 2024 Jan 6, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malic...Show more Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.Show less
CVE-2014-8677 1Soplanning 1Soplanning May 13, 2026 Aug 31, 2017 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, o...Show more The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.Show less
CVE-2014-8676 1Soplanning 1Soplanning May 13, 2026 Aug 31, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
CVE-2014-8675 1Soplanning 1Soplanning May 13, 2026 Aug 31, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded...Show more Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.Show less