Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Low

CVE-2020-9339

Disclosure Date: February 22, 2020 (last updated February 21, 2025)
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
1
Attacker Value
Very High

CVE-2020-9338

Disclosure Date: February 22, 2020 (last updated February 21, 2025)
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
1
Attacker Value
Low

CVE-2020-9268

Disclosure Date: February 18, 2020 (last updated February 21, 2025)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
1
Attacker Value
Low

CVE-2020-9269

Disclosure Date: February 18, 2020 (last updated February 21, 2025)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
1
Attacker Value
Very Low

CVE-2020-9266

Disclosure Date: February 18, 2020 (last updated February 21, 2025)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
1
Attacker Value
Unknown

CVE-2020-9267

Disclosure Date: February 18, 2020 (last updated February 21, 2025)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0