CVE-2024-27113

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.

Published: Sep 11, 2024
Updated: May 4, 2025
CVE: CVE-2024-27113
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
soplanning / soplanning	-	1.52.02

https://csirt.divd.nl/CVE-2024-27113

Vulnerability Database

290,020

CVE-2024-27113