CVE-2024-27112

A unauthenticated SQL Injection has been found in the SO

Publication date: 2024-09-11

Last updated on: 2024-09-18

Description

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Affected Vendors & Products

Vendor	Product	Version
soplanning	soplanning	to 1.52.02 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

EPSS Chart

Meta Information

CVE Publication Date:

2024-09-11

CVE Last Modified Date:

2024-09-18

Report Generation Date:

2025-11-08

EPSS Last Evaluated Date:

2025-08-20

NVD Report Link:

CVE-2024-27112