SOPlanning Missing Authorization Vulnerability in Backup Functionality Allowing Unauthenticated Data Access

Vulnerability

SOPlanning versions through 1.55 fail to enforce authorization on the application's backup functionality. Because the backup-related endpoints perform no authorization checks, an unauthenticated attacker can access them directly and retrieve archives containing user databases with usernames and password hashes, as well as a config.csv file with additional sensitive information.

Impact

Exploitation of this vulnerability allows unauthorized users to access and download sensitive backup files containing user database information and configuration details, potentially leading to unauthorized account access or data breaches.

Added: Jun 1, 2026, 9:40 AM
Updated: Jun 1, 2026, 9:40 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.