CVE-2024-27114: Remote Code Execution through File Upload in SOPlanning before 1.52.02

8.9 CVSS

Description

An unauthenticated Remote Code Execution (RCE) vulnerability has been found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that remains available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.

Classification

CVE ID: CVE-2024-27114

CVSS Base Severity: HIGH

CVSS Base Score: 8.9

Affected Products

Vendor: Simple Online Planning

Product: SO Planning

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.76% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-07 (date this score was calculated)

References

https://csirt.divd.nl/CVE-2024-27114

Timeline