Filtered by vendor Soplanning
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9269 | 1 Soplanning | 1 Soplanning | 2020-02-20 | 9.0 HIGH | 7.2 HIGH |
| SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | |||||
| CVE-2020-9268 | 1 Soplanning | 1 Soplanning | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. | |||||
| CVE-2019-20179 | 1 Soplanning | 1 Soplanning | 2020-01-15 | 6.5 MEDIUM | 8.8 HIGH |
| SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. | |||||
| CVE-2014-8675 | 1 Soplanning | 1 Soplanning | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | |||||