CVE-2024-57170 Information

Description

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g. ../). This vulnerability enables attackers to delete arbitrary files outside the intended upload directory, potentially leading to denial of service or disruption of application functionality.
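
A containment check of the kind that stops a delete request from leaving the upload directory, as an added example that is neither SOPlanning's code nor the fix from the referenced post. The function name, directory layout and file names are assumptions made up for the illustration.

```php
<?php
// Added example, not SOPlanning code. delete_uploaded_file(), the directory
// layout and the sample file names are hypothetical.

/**
 * Delete $requested only if it is a bare file name that resolves to a
 * regular file inside $uploadDir. Returns true only when a file was deleted.
 */
function delete_uploaded_file(string $uploadDir, string $requested): bool
{
    // Accept a bare file name only: basename() drops every directory
    // component, so any value containing "../" differs from its basename.
    if ($requested === '' || $requested === '.' || $requested === '..'
        || strpos($requested, "\0") !== false
        || basename($requested) !== $requested) {
        return false;
    }

    // Canonicalise the upload directory itself.
    $base = realpath($uploadDir);
    if ($base === false) {
        return false;
    }

    // Canonicalise the target (this also resolves symlinks) and require it
    // to sit strictly below the upload directory.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false
        || strncmp($target, $prefix, strlen($prefix)) !== 0
        || !is_file($target)) {
        return false;
    }

    return unlink($target);
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/upload', 0700, true);
file_put_contents($root . '/config.inc', 'outside the upload directory');
file_put_contents($root . '/upload/report.pdf', 'uploaded file');

var_dump(delete_uploaded_file($root . '/upload', '../config.inc')); // traversal attempt
var_dump(delete_uploaded_file($root . '/upload', 'report.pdf'));    // legitimate name
var_dump(file_exists($root . '/config.inc'));                       // file outside upload/

// Clean up the demo tree.
unlink($root . '/config.inc');
rmdir($root . '/upload');
rmdir($root);
```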

Reference

https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-deletion
