2 matches found
CVE-2024-57169
A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files...
CVE-2024-57170
CVE-2024-57170 affects SOPlanning 1.53.00, where a directory traversal in /process/upload.php can be triggered via the fichier_to_delete parameter. Authenticated attackers can specify file paths containing traversal sequences (e.g., ../), enabling deletion of arbitrary files outside the intended ...