Skip to main content

SOPlanning CVE-2026-50644

| EUVDEUVD-2026-42576 HIGH
SQL Injection (CWE-89)
2026-07-09 CERT-PL GHSA-x2cq-w235-pr8h
8.6
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.7 MEDIUM

Network-reachable form but requires the parameters_all admin right (PR:H); stored SQLi yields high read/write DB impact (C:H/I:H) with only limited availability effect (A:L).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 12:16 EUVD
Analysis Generated
Jul 09, 2026 - 11:27 vuln.today

DescriptionCVE.org

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parameters_all rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed (by the attacker or another user).

This issue was fixed in version 1.56.01.

AnalysisAI

Authenticated SQL injection in SOPlanning lets a user holding the parameters_all privilege inject SQL through the audit retention configuration form, which is stored and then executed whenever the audit functionality is loaded by that attacker or any other user. Affected installations prior to version 1.56.01 face compromise of the underlying database, including data theft and modification. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with parameters_all rights
Delivery
Submit SQL payload in audit retention config
Exploit
Payload stored in database
Execution
Audit functionality accessed
Persist
Injected query executes
Impact
Read or modify database data

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated SOPlanning account holding the parameters_all administrative right - the attacker must be able to open and submit the audit retention configuration form. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L) scores 8.6 (High) and is the dominant real-world signal here. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious or compromised administrator with the parameters_all right opens the audit retention configuration form and saves a crafted value containing SQL syntax instead of a legitimate retention setting. The payload is stored, and when the audit functionality is next accessed - by the attacker or an unwitting colleague - the injected SQL executes against the database, allowing the attacker to read or alter arbitrary records. …
Remediation Vendor-released patch: upgrade to SOPlanning 1.56.01 or later, which fixes the flaw. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all SOPlanning deployments, identify current versions, and document users with parameters_all privilege. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2014-8676 MEDIUM POC
5.3 Aug 31

Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attacke

CVE-2014-8675 HIGH POC
7.5 Aug 31

Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which all

CVE-2024-57169 CRITICAL POC
9.8 Mar 18

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. Rated critical sev

CVE-2024-27115 CRITICAL POC
10.0 Sep 11

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. Rated crit

CVE-2020-9268 HIGH POC
7.5 Feb 18

SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_creat

CVE-2020-9269 HIGH POC
7.2 Feb 18

SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as

CVE-2024-57170 MEDIUM POC
6.5 Mar 18

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. Rated medium severity (CVSS 6.5)

CVE-2020-9267 MEDIUM POC
6.5 Feb 18

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. Rat

CVE-2020-9266 MEDIUM POC
6.5 Feb 18

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xaja

CVE-2014-8677 MEDIUM POC
5.3 Aug 31

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and

CVE-2020-15597 MEDIUM POC
5.4 Aug 11

SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment fi

CVE-2020-9339 MEDIUM POC
5.4 Feb 22

SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2026-50644 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy