CVE-2024-27115


The target SOPlanning instance is vulnerable to CVE-2024-27115 because it runs an outdated version, 1.52.01. Authentication has already succeeded. An exploit is available.

A vulnerability was found in SOPlanning (Simple Online Planning). It has been classified as very critical. Affected is an unknown code block. Manipulation with an unknown input leads to an unrestricted upload vulnerability, classified as CWE-434: the product allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. This impacts confidentiality, integrity, and availability.
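As an added example (not part of the original notes and not SOPlanning code), here is a defender-side audit of an upload directory for the CWE-434 condition described above: stored files that a PHP handler could process. The extension list, the marker bytes, the override file names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Suffixes often mapped to the PHP handler (assumed list; match it to the server config).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
OVERRIDE_FILES = {".htaccess", ".user.ini"}  # can change how a directory is processed
PHP_MARKERS = (b"<?php", b"<?=")

def classify(path):
    """Return reasons a stored upload could be processed as code ([] means none found)."""
    name = os.path.basename(path).lower()
    exts = name.split(".")[1:]  # every dot-separated suffix, not only the last
    reasons = []
    if name in OVERRIDE_FILES:
        reasons.append("handler-override-file")
    elif exts and exts[-1] in PHP_EXTS:
        reasons.append("executable-extension")
    elif any(e in PHP_EXTS for e in exts[:-1]):
        # e.g. logo.php.png: some handler configurations match any suffix
        reasons.append("embedded-executable-extension")
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if any(marker in head for marker in PHP_MARKERS):
        reasons.append("php-open-tag-in-content")
    return reasons

def audit(root):
    """Walk an upload directory; map relative path -> reasons for each flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def demo():
    samples = {  # constructed sample files, written to a temporary directory
        "plan.pdf": b"%PDF-1.4 constructed sample",
        "note.php": b"<?php /* constructed sample */ ?>",
        "logo.php.png": b"\x89PNG\r\n\x1a\n constructed sample",
        "avatar.jpg": b"\xff\xd8\xff\xe0 <?php /* constructed sample */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(data)
        return audit(root)
```

Point `audit()` at the application's real upload directory; anything it flags should be reviewed, and the directory itself should not be served with script execution enabled.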

Exploit


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ searchsploit -m php/webapps/52082.py ; mv 52082.py CVE-2024-27115.py
  Exploit: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
      URL: https://www.exploit-db.com/exploits/52082
     Path: /usr/share/exploitdb/exploits/php/webapps/52082.py
    Codes: N/A
 Verified: False
File Type: Python script, ASCII text executable
Copied to: /home/kali/PEN-200/PG_PRACTICE/bitforge/52082.py

Exploit locally available