Authentication Bypass in SoPlanning by Thomas Fady
CVE-2020-25867
5.3MEDIUM
Key Information:
- Vendor
Soplanning
- Status
- Vendor
- CVE Published:
- 7 October 2020
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2020-25867?
SoPlanning versions before 1.47 are vulnerable to an authentication bypass, allowing unauthorized users to access shared planning data without proper authentication checks. This weakness arises from improper validation of the security key used for public sharing, which could potentially lead to data exposure.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
