AttackerKB AKB:40D737C6-0618-41B8-BA61-515B82D35F18
History: Feb 18, 2020 - 12:00 a.m.

CVE-2020-9269

2020-02-18 00:00:00
attackerkb.com

EPSS

0.001

Percentile

40.0%

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.

Recent assessments:

J3rryBl4nks at March 09, 2020 9:09pm UTC reported:

This is an injection that is trivial to exploit and also to find.

<https://github.com/J3rryBl4nks/SOPlanning>

You can see the PoC in my GitHub. The exploit does require authentication, but you can extract the admin hash through the other SQL injection vulnerability or through the CSRF to add an admin user.

Due to the low volume of installs, this isn’t incredibly useful in the wild.

Assessed Attacker Value: 2
Assessed Attacker Value: 5
