|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-02-18 | |
| Rule Name: | SO Planning Arbitrary File Upload Vulnerability (CVE-2024-27115) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://csirt.divd.nl/CVE-2024-27115 |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.soplanning.org/en/ |