CVE-2024-27114
Description
An unauthenticated Remote Code Execution (RCE) vulnerability was found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that remains available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
Affected Vendors & Products
Vendor | Product | Version |
---|---|---|
soplanning | soplanning | to 1.52.02 (exc) |
Exploitability
CWE ID | Description |
---|---|
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
Meta Information
CVE Publication Date: 2024-09-11
CVE Last Modified Date: 2024-09-19
Report Generation Date: 2025-06-02
EPSS Last Evaluated Date: 2025-03-31
NVD Report Link: