History: Sep 11, 2024 - 1:41 p.m.

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

2024-09-11 13:41:16
CWE-200
DIVD
www.cve.org

Tags: cve-2024-27113, insecure direct object reference, soplanning, database export, csv file, version 1.52.02, vulnerability

CVSS4: 9.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N/S:N/AU:Y/U:Red/R:A/V:C/RE:M

EPSS: 0.001
Percentile: 39.7%

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.

CNA Affected

[
  {
    "vendor": "Simple Online Planning",
    "product": "SO Planning",
    "collectionURL": "https://sourceforge.net/projects/soplanning/",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.52.01"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
