Vulnerability Details CVE-2014-8677
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jul/44
- http://www.securityfocus.com/bid/75726
- https://www.exploit-db.com/exploits/37604/
- http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jul/44
- http://www.securityfocus.com/bid/75726
- https://www.exploit-db.com/exploits/37604/
Products affected by CVE-2014-8677
-
cpe:2.3:a:soplanning:soplanning:-
-
cpe:2.3:a:soplanning:soplanning:0.9
-
cpe:2.3:a:soplanning:soplanning:0.91
-
cpe:2.3:a:soplanning:soplanning:0.92
-
cpe:2.3:a:soplanning:soplanning:0.922
-
cpe:2.3:a:soplanning:soplanning:0.923
-
cpe:2.3:a:soplanning:soplanning:0.924
-
cpe:2.3:a:soplanning:soplanning:0.925
-
cpe:2.3:a:soplanning:soplanning:1.04
-
cpe:2.3:a:soplanning:soplanning:1.05
-
cpe:2.3:a:soplanning:soplanning:1.06
-
cpe:2.3:a:soplanning:soplanning:1.07
-
cpe:2.3:a:soplanning:soplanning:1.08
-
cpe:2.3:a:soplanning:soplanning:1.10
-
cpe:2.3:a:soplanning:soplanning:1.12
-
cpe:2.3:a:soplanning:soplanning:1.13
-
cpe:2.3:a:soplanning:soplanning:1.14
-
cpe:2.3:a:soplanning:soplanning:1.15
-
cpe:2.3:a:soplanning:soplanning:1.16
-
cpe:2.3:a:soplanning:soplanning:1.18
-
cpe:2.3:a:soplanning:soplanning:1.19
-
cpe:2.3:a:soplanning:soplanning:1.20
-
cpe:2.3:a:soplanning:soplanning:1.21
-
cpe:2.3:a:soplanning:soplanning:1.22
-
cpe:2.3:a:soplanning:soplanning:1.23
-
cpe:2.3:a:soplanning:soplanning:1.24
-
cpe:2.3:a:soplanning:soplanning:1.25
-
cpe:2.3:a:soplanning:soplanning:1.26
-
cpe:2.3:a:soplanning:soplanning:1.27
-
cpe:2.3:a:soplanning:soplanning:1.28
-
cpe:2.3:a:soplanning:soplanning:1.29
-
cpe:2.3:a:soplanning:soplanning:1.30
-
cpe:2.3:a:soplanning:soplanning:1.31
-
cpe:2.3:a:soplanning:soplanning:1.32