SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
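A defensive pattern for this class of bug, as an added example that is not SoPlanning's code: sort column and direction cannot be bound as query parameters, so the order and by request values are mapped through fixed allowlists before they reach the ORDER BY clause. The projets table, the nom column, the sample rows and the function names are assumptions made for illustration.

```php
<?php
// Added example, not SoPlanning code. Table, columns and rows are constructed.
declare(strict_types=1);

// ORDER BY identifiers and ASC/DESC keywords cannot be sent as bound
// parameters, so each request value is mapped through a fixed allowlist.
const SORT_COLUMNS = [
    'nom'          => 'nom',
    'nom_createur' => 'nom_createur',
];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

function buildOrderBy(array $query): string
{
    $order = $query['order'] ?? '';
    $by    = $query['by'] ?? '';
    // Non-string input (for example ?by[]=x) falls back to the defaults.
    $column = is_string($order) ? (SORT_COLUMNS[$order] ?? 'nom') : 'nom';
    $direction = is_string($by)
        ? (SORT_DIRECTIONS[strtolower($by)] ?? 'ASC')
        : 'ASC';
    // Both fragments come from the constants above, never from the request.
    return "ORDER BY {$column} {$direction}";
}

function listProjects(PDO $db, array $query): array
{
    $sql = 'SELECT nom, nom_createur FROM projets ' . buildOrderBy($query);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projets (nom TEXT, nom_createur TEXT)');
$db->exec("INSERT INTO projets VALUES ('Alpha', 'zoe'), ('Beta', 'adam')");

// Allowlisted values are honoured.
echo buildOrderBy(['order' => 'nom_createur', 'by' => 'desc']), PHP_EOL;
print_r(listProjects($db, ['order' => 'nom_createur', 'by' => 'desc']));

// A value outside the allowlist (constructed sample) is replaced by the default.
echo buildOrderBy(['order' => 'nom_createur', 'by' => 'desc, nom']), PHP_EOL;
```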
Recent assessments:
J3rryBl4nks at March 09, 2020 9:11pm UTC reported:
This SQL Injection is trivial to identify and exploit:
<https://github.com/J3rryBl4nks/SOPlanning>
This injection will allow you to dump the contents of the database and can be done with low-privilege access.
This application does not have a large install base and so it is not incredibly valuable.
Assessed Attacker Value: 2
Assessed Attacker Value: 5