Known Vulnerabilities for products from Soplanning

Listed below are 15 of the newest known vulnerabilities associated with the vendor "Soplanning".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-40549 json Not Provided 2026-06-01 2026-06-01
CVE-2026-40548 json Not Provided 2026-06-01 2026-06-01
CVE-2026-40547 json Not Provided 2026-06-01 2026-06-01
CVE-2026-40546 json Not Provided 2026-06-01 2026-06-01
CVE-2026-40545 json Not Provided 2026-06-01 2026-06-01
CVE-2026-40544 json Not Provided 2026-06-01 2026-06-01
CVE-2026-40543 json Not Provided 2026-06-01 2026-06-01
CVE-2024-33724 json Not Provided 2026-05-08 2026-05-08
CVE-2024-33722 json Not Provided 2026-05-08 2026-05-08
CVE-2020-25867 json SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get a... 5.3 - MEDIUM 2020-10-07 2020-10-15
CVE-2020-15597 json SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. 5.4 - MEDIUM 2020-08-11 2020-08-13
CVE-2020-13963 json SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication al... 9.8 - CRITICAL 2021-03-21 2022-11-05
CVE-2020-9339 json SOPlanning 1.45 allows XSS via the Name or Comment to status.php. 5.4 - MEDIUM 2020-02-22 2020-02-24
CVE-2020-9338 json SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. 5.4 - MEDIUM 2020-02-22 2020-02-24
CVE-2020-9269 json SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demo... 7.2 - HIGH 2020-02-18 2020-02-20
CVE-2020-9268 json SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&b... 7.5 - HIGH 2020-02-18 2020-02-19
CVE-2020-9267 json SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php. 6.5 - MEDIUM 2020-02-18 2020-02-19
CVE-2020-9266 json SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_ser... 6.5 - MEDIUM 2020-02-18 2020-02-19
CVE-2019-20179 json SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter. 8.8 - HIGH 2020-01-09 2023-11-07
CVE-2014-8677 json The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and acce... 5.3 - MEDIUM 2017-08-31 2017-09-06
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Soplanning

Type Vendor Product Version
ApplicationSoplanningSoplanning0.9
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report