SQL Injection Vulnerability in SOPlanning by SOPlanning
CVE-2024-33722

6.3MEDIUM

Key Information:

Vendor: SOPlanning
Status: SOPlanning
Vendor: CVE Published:; 8 May 2026

What is CVE-2024-33722?

SOPlanning version 1.52.00 is susceptible to SQL Injection attacks when an authenticated user manipulates the 'statut[]' parameter in the projets.php file. This vulnerability allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data and compromising the integrity of the application's database.

References

https://github.com/fuzzlove/soplanning-1.52-exploits

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Apr 26, 2024

CVE-2024-33722 Data

JSON