CVE-2024-27115 Scanner - Remote Code Execution vulnerability in SOPlanning
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 16 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
SOPlanning is a software solution used for scheduling and planning tasks within organizations. It is designed to help manage various activities such as resource allocation and project management. SOPlanning is widely used by educational institutions, businesses, and other organizations that need to manage scheduling and resource planning. The software enables administrators to upload files, manage user data, and interact with various planning features. It provides an interface that supports authenticated access for system users. This product is primarily accessed through a web interface, allowing users to access the system remotely.
The vulnerability detected in SOPlanning version 1.52.01 is a remote code execution (RCE) flaw caused by improper handling of file uploads. It allows an attacker to upload a malicious PHP file through an authenticated file upload endpoint. Once uploaded, the PHP file can be executed on the server, leading to arbitrary code execution. The vulnerability is critical because it allows remote execution of attacker-supplied code, which could compromise the entire server. The issue arises from the lack of proper validation and sanitization of uploaded files. Exploitation requires only authenticated access, which makes the flaw even more dangerous if credentials are compromised.
The vulnerability occurs during the file upload process, where an attacker can upload a PHP file by submitting a POST request to the /process/upload.php endpoint. The PHP file, which can contain arbitrary code, is stored in the server's file system and can be executed when accessed via a GET request. The attacker must be authenticated to exploit this vulnerability, but once authenticated, they can upload and execute malicious code. The exploit is triggered when the server processes the uploaded file and serves it through the /upload/files/soonghee/ directory. The server does not properly check or sanitize the uploaded file type, allowing PHP code to be executed.
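The request pattern described above (a POST to /process/upload.php followed by a request for a script file under /upload/files/) can be looked for in web server access logs. The following detection sketch is an added example, not part of the scanner or of SOPlanning; the Apache combined log format, the extension list, the 10-minute correlation window and the sample lines are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "POST /process/upload.php HTTP/1.1" 200 87 "-" "curl/8.4"
198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /upload/files/soonghee/report.php HTTP/1.1" 200 12 "-" "curl/8.4"
203.0.113.9 - - [12/Mar/2024:10:02:00 +0000] "POST /process/upload.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:02:09 +0000] "GET /upload/files/soonghee/plan.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:11:30:00 +0000] "GET /upload/files/soonghee/old.phtml?x=1 HTTP/1.1" 200 40 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
UPLOAD_ENDPOINT = "/process/upload.php"   # endpoint named on this page
UPLOAD_DIR = "/upload/files/"             # upload directory named on this page
# Extensions commonly mapped to the PHP handler (assumption; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
WINDOW = timedelta(minutes=10)            # assumed correlation window

def find_suspicious(log_text):
    """Return findings for script files served from the upload directory."""
    last_upload = {}   # client IP -> time of its last successful upload POST
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]          # ignore the query string
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT and ok:
            last_upload[m["ip"]] = ts
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path) and ok:
            # A script served from the upload directory is suspicious on its own;
            # a recent upload from the same client raises the severity.
            prev = last_upload.get(m["ip"])
            correlated = prev is not None and ts - prev <= WINDOW
            findings.append({"ip": m["ip"], "path": path,
                             "severity": "high" if correlated else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

A "medium" finding with no preceding upload in the log can indicate a file planted before the log window began, so it still warrants inspecting the file on disk.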
If successfully exploited, this vulnerability can lead to remote code execution on the target server. The attacker could take complete control of the server, execute arbitrary commands, steal sensitive information, modify system files, or further escalate the attack. This could lead to data breaches, system compromise, or service disruption. It also opens the door to further exploitation, such as deploying malware or gaining access to the underlying infrastructure. The severity of the attack is high, as it provides full control over the server. Because the attack requires authentication, compromised user credentials make it easier for an attacker to exploit this vulnerability.