CVE-2024-27115
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2024-27115. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
Available Exploits
SOPlanning - Remote Code Execution
Detects a remote code execution vulnerability in SOPlanning version 1.52.01 through authenticated PHP file upload.
Related News
Affected Products
Affected Versions:
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: September 11, 2024, Modified: September 18, 2024