Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable form but requires the parameters_all admin right (PR:H); stored SQLi yields high read/write DB impact (C:H/I:H) with only limited availability effect (A:L).
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user).
This issue was fixed in version 1.56.01.
AnalysisAI
Authenticated SQL injection in SOPlanning lets a user holding the parameters_all privilege inject SQL through the audit retention configuration form, which is stored and then executed whenever the audit functionality is loaded by that attacker or any other user. Affected installations prior to version 1.56.01 face compromise of the underlying database, including data theft and modification. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated SOPlanning account holding the parameters_all administrative right - the attacker must be able to open and submit the audit retention configuration form. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L) scores 8.6 (High) and is the dominant real-world signal here. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious or compromised administrator with the parameters_all right opens the audit retention configuration form and saves a crafted value containing SQL syntax instead of a legitimate retention setting. The payload is stored, and when the audit functionality is next accessed - by the attacker or an unwitting colleague - the injected SQL executes against the database, allowing the attacker to read or alter arbitrary records. … |
| Remediation | Vendor-released patch: upgrade to SOPlanning 1.56.01 or later, which fixes the flaw. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all SOPlanning deployments, identify current versions, and document users with parameters_all privilege. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Soplanning
View allDirectory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attacke
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which all
A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. Rated critical sev
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. Rated crit
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_creat
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. Rated medium severity (CVSS 6.5)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. Rat
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xaja
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment fi
SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Rated medium severity (CVSS 5.4), this vulnerability i
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42576
GHSA-x2cq-w235-pr8h