CVE-2024-27115

A unauthenticated Remote Code Execution RCE vulnerability is found in

Publication date: 2024-09-11

Last updated on: 2024-09-18

Description

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.

CVSS Scores

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Broken Link

Exploitability

CWE ID	Description
CWE-434	Unrestricted Upload of File with Dangerous Type

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

Meta Information

Date published:

2024-09-11

Date last modified:

2024-09-18

Date generated:

2025-01-15

NVD report:

CVE-2024-27115