A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.

Related CVEs

CVE-2024-27115

Key Information

GHSA ID

GHSA-97v4-fg36-6rc2

Published

September 11, 2024 3:31 PM

Last Modified

September 18, 2024 9:30 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 26, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.