CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables attackers to delete arbitrary files outside the intended upload directory, potentially leading to denial of service or disruption of application functionality.

Published: Mar 18, 2025
Updated: May 4, 2025
CVE: CVE-2024-57170
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
soplanning / soplanning	1.53.00	1.53.00.x

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-deletion

Vulnerability Database

290,020

CVE-2024-57170