CVE 8.7 HIGH

Multiple SQL Injections in SOPlanning_CVE-2026-40546

June 1, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.

This issue affects SOPlanning version 1.55 and below.

AI Analysis

SQL Injection vulnerability allowing attackers to inject arbitrary SQL commands and potentially gain full control over the database.

Basic Information

ID CVE-2026-40546

Source CERT-PL

Published Jun 1, 2026 at 09:04

Affected Product

Vendor SOPlanning

Product SOPlanning

Affected Versions SOPlanning SOPlanning 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor SOPlanning

Product SOPlanning

Version 1.55 and below

References

{
    "lastseen": "",
    "description": "SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.\n\nThis issue affects SOPlanning version 1.55 and below.",
    "published": "2026-06-01T09:04:00.756Z",
    "modified": "2026-06-01T09:04:00.756Z",
    "type": "cve",
    "title": "Multiple SQL Injections in SOPlanning",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/06/CVE-2026-40543\nhttps://www.soplanning.org/en/",
    "id": "CVE-2026-40546",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "SOPlanning SOPlanning 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SOPlanning",
    "version": "0",
    "vendor": "SOPlanning",
    "ai_description": "SQL Injection vulnerability allowing attackers to inject arbitrary SQL commands and potentially gain full control over the database.",
    "ai_severity": "High",
    "ai_vendor": "SOPlanning",
    "ai_product": "SOPlanning",
    "ai_version": "1.55 and below",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply