Multiple vulnerabilities in SOPlanning

Posted date 07/10/2024
Identificador
INCIBE-2024-0495
Importance
5 - Critical
Affected Resources

SOPlanning, versions prior to 1.45.

Description

INCIBE has coordinated the publication of 4 vulnerabilities, 1 of critical severity and 3 medium, affecting SOPlanning in its version 1.45, an online planning tool designed to organize projects and tasks, which have been discovered by Rafael Pedrero.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2024-9571: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79
  • CVE-2024-9572: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79
  • CVE-2024-9573: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-89
  • CVE-2024-9574: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89
Solution

The vulnerability has been fixed in version 1.45. It is recommended to upgrade to the latest available version 1.5.

Detail
  • CVE-2024-9571: Cross-Site Scripting (XSS) vulnerability due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session.
  • CVE-2024-9572: Cross-Site Scripting (XSS) vulnerability due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.
  • CVE-2024-9573: SQL injection vulnerability through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.
  • CVE-2024-9574: SQL injection vulnerability via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
References list