CVE-2024-27114
A unauthenticated Remote Code Execution RCE vulnerability is found in
Description
Description
A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
CVSS Scores
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
Date published:
2024-09-11
Date last modified:
2024-09-19
Date generated:
2025-01-15
NVD report: