← back
CVE-2020-13963

CVE-2020-13963

EPSS 1.8%
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cwe.mitre.org/data/definitions/321.htmlhttps://forum.soplanning.org/viewforum.php?f=8https://labs.integrity.pt/advisories/cve-2020-13963/