CVE-2024-27112

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.

Published: Sep 11, 2024
Updated: May 4, 2025
CVE: CVE-2024-27112
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
soplanning / soplanning	-	1.52.02

https://csirt.divd.nl/CVE-2024-27112

Vulnerability Database

290,020

CVE-2024-27112