Description
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 (Path Traversal), the malicious file (e.g., a PHP script) can be placed in a web-accessible location and executed via the browser.

This issue affects SOPlanning version 1.55 and below.
Published: 2026-06-01
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SOPlanning allows authenticated users to upload a ZIP archive through the backup feature without checking the file extension or the contents of the archive. During extraction, the application writes files to the server’s file system, and when used together with a Path Traversal vulnerability (CVE‑2026‑40547) attackers can place a malicious file such as a PHP script in a web‑accessible directory. This results in the ability to execute arbitrary code in the context of the web application, potentially compromising the entire server. The weakness is identified as CWE‑434 (Unrestricted Upload of File With Dangerous Type).

Affected Systems

Affecting the SOPlanning application from the vendor SOPlanning, version 1.55 and earlier. No additional vendor or product detail is provided.

Risk and Exploitability

The CVSS score of 6.4 reflects moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires legitimate authentication to the backup functionality, making the threat vector authenticated. The combination with an existing Path Traversal flaw increases the risk by enabling remote file execution in a web‑accessible location.

Generated by OpenCVE AI on June 1, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SOPlanning to a version newer than 1.55, ensuring the file upload validation is fixed.
  • Disallow the backup functionality or restrict it to trusted administrators and apply stricter access controls.
  • Implement file type validation on the server side and reject uploads that contain potentially dangerous extensions or executable content.

Generated by OpenCVE AI on June 1, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Soplanning
Soplanning soplanning
Vendors & Products Soplanning
Soplanning soplanning

Mon, 01 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 (Path Traversal), the malicious file (e.g., a PHP script) can be placed in a web-accessible location and executed via the browser. This issue affects SOPlanning version 1.55 and below.
Title Unrestricted Upload of File with Dangerous Type in SOPlanning
Weaknesses CWE-434
References
Metrics cvssV4_0

{'score': 6.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Soplanning Soplanning
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-01T13:04:41.827Z

Reserved: 2026-04-14T09:44:27.613Z

Link: CVE-2026-40548

cve-icon Vulnrichment

Updated: 2026-06-01T13:04:38.625Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T09:16:17.647

Modified: 2026-06-01T16:37:15.140

Link: CVE-2026-40548

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T10:30:26Z

Weaknesses
  • CWE-434

    Unrestricted Upload of File with Dangerous Type