What is CVE-2024-27115?

CVE-2024-27115 is a vulnerability in Simple Online Planning So, classified under Unrestricted Upload of File with Dangerous Type. Published 2024-09-11.

Is CVE-2024-27115 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Simple Online Planning So

CVE-2024-27115

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying…

Vulnerability class: Unrestricted File Upload

EPSS: 0.818 (99.2th percentile) — read the EPSS interpretation.

Affected products

Simple Online Planning So — versions before 1.52.01

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

csirt.divd.nl/CVE-2024-27115 (third-party-advisory)

Frequently asked questions

What is CVE-2024-27115?: CVE-2024-27115 is a vulnerability in Simple Online Planning So, classified under Unrestricted Upload of File with Dangerous Type. Published 2024-09-11.
Is CVE-2024-27115 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.