An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
                
References
| Link | Providers |
|---|---|
| https://csirt.divd.nl/CVE-2024-27115 | |
History
Wed, 18 Sep 2024 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Soplanning Soplanning soplanning | |
| CPEs | cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* | |
| Vendors & Products | Soplanning Soplanning soplanning | |
| Metrics | cvssV3_1 | |
Wed, 11 Sep 2024 16:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Simple Online Planning Simple Online Planning so Planning | |
| CPEs | cpe:2.3:a:simple_online_planning:so_planning:*:*:*:*:*:*:*:* | |
| Vendors & Products | Simple Online Planning Simple Online Planning so Planning | |
| Metrics | ssvc | |
Wed, 11 Sep 2024 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02. | |
| Title | Remote Code Execution through File Upload in SOPlanning before 1.52.02 | |
| Weaknesses | CWE-434 | |
| References |  | |
| Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: DIVD
Published: 2024-09-11T13:41:16.520Z
Updated: 2025-03-11T13:38:36.122Z
Reserved: 2024-02-19T19:21:08.621Z
Link: CVE-2024-27115
Vulnrichment
Updated: 2024-09-11T15:45:10.475Z
NVD
Status: Analyzed
Published: 2024-09-11T14:15:13.147
Modified: 2024-09-18T20:32:26.717
Link: CVE-2024-27115
Redhat
No data.